Go · Go · CVE-2023-24531
**Name of the Vulnerable Software and Affected Versions**
Go (affected versions not specified)
**Description**
The issue is related to the command `go env` which outputs a shell script containing the Go environment. However, `go env` does not sanitize the values, allowing for various bad behaviors when its output is executed as a shell script. This can include executing arbitrary commands or inserting new environment variables. The problem is considered relatively minor because an attacker who can set arbitrary environment variables on a system likely has better attack vectors.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.