Hunter Wittenborn

**Name of the Vulnerable Software and Affected Versions** Go (affected versions not specified) **Description** The issue is related to the command `go env` which outputs a shell script containing the Go environment. However, `go env` does not sanitize the values, allowing for various bad behaviors when its output is executed as a shell script. This can include executing arbitrary commands or inserting new environment variables. The problem is considered relatively minor because an attacker who can set arbitrary environment variables on a system likely has better attack vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.