/
DirectorySecurity AdvisoriesPricing
Sign inRequest a trial
Security Advisories

CVE-2025-4674

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-4674

Severity

Unknown

Description

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

References

Affected packages


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs