os/exec：Does Golang involve CVE-2024-3566?

[maxucheng0]

Go version

NA

Output of go env in your module/workspace:

NA

What did you do?

I noticed that there is an update on the NVD website regarding the vulnerability CVE-2024-3566(https://nvd.nist.gov/vuln/detail/CVE-2024-3566), which lists Go as one of the affected languages. However, upon reviewing the source material (https://kb.cert.org/vuls/id/123335), the conclusion is that it is not affected. Could you let me know if we have already conducted an analysis of this vulnerability? Thank you.

What did you see happen?

NA

What did you expect to see?

NA

[seankhliao]

Unlike many projects, the Go project does not use GitHub Issues for general discussion or asking questions. GitHub Issues are used for tracking bugs and proposals only.

For questions please refer to https://github.com/golang/go/wiki/Questions