CVE-2018-6574: go get RCE

Bookmarked!

This exercise covers a remote command execution in Golang's go get command.

PRO Medium < 1 Hr. 907 Orange Badge

Course

In this exercise, we cover CVE-2018-6574, a vulnerability in Golang's <code>go get</code> command that allows an attacker to gain code execution by installing a malicious library. This example demonstrates how typosquatting can be used to exploit developers' workstations and production systems.

Skills covered

Injection Client Side Operating System Network

CWE-94

Included with PRO

Full course content 1 video Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account