Search criteria

2 vulnerabilities found for github.com/golang/vscode-go by github.com/golang/vscode-go

CVE-2025-68120 (GCVE-0-2025-68120)

Vulnerability from nvd – Published: 2025-12-29 23:46 – Updated: 2025-12-29 23:46
VLAI?
Title
Unexpected untrusted code execution in github.com/golang/vscode-go
Summary
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
Severity ?
No CVSS data available.
CWE
  • CWE-184 - Incomplete List of Disallowed Inputs
Assigner
Go
References
Impacted products
Vendor Product Version
github.com/golang/vscode-go github.com/golang/vscode-go Affected: 0 , < 0.52.1 (semver)
Create a notification for this product.
Credits
CHOE WONWOO (https://www.linkedin.com/in/wonwoo-choe-908b11390)
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "github.com/golang/vscode-go",
          "product": "github.com/golang/vscode-go",
          "vendor": "github.com/golang/vscode-go",
          "versions": [
            {
              "lessThan": "0.52.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "CHOE WONWOO (https://www.linkedin.com/in/wonwoo-choe-908b11390)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-184: Incomplete List of Disallowed Inputs",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-29T23:46:52.451Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68120"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/CHG4qfcicBU/m/4tanFUymDQAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4249"
        }
      ],
      "title": "Unexpected untrusted code execution in github.com/golang/vscode-go"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68120",
    "datePublished": "2025-12-29T23:46:52.451Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2025-12-29T23:46:52.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68120 (GCVE-0-2025-68120)

Vulnerability from cvelistv5 – Published: 2025-12-29 23:46 – Updated: 2025-12-29 23:46
VLAI?
Title
Unexpected untrusted code execution in github.com/golang/vscode-go
Summary
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
Severity ?
No CVSS data available.
CWE
  • CWE-184 - Incomplete List of Disallowed Inputs
Assigner
Go
References
Impacted products
Vendor Product Version
github.com/golang/vscode-go github.com/golang/vscode-go Affected: 0 , < 0.52.1 (semver)
Create a notification for this product.
Credits
CHOE WONWOO (https://www.linkedin.com/in/wonwoo-choe-908b11390)
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "github.com/golang/vscode-go",
          "product": "github.com/golang/vscode-go",
          "vendor": "github.com/golang/vscode-go",
          "versions": [
            {
              "lessThan": "0.52.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "CHOE WONWOO (https://www.linkedin.com/in/wonwoo-choe-908b11390)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-184: Incomplete List of Disallowed Inputs",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-29T23:46:52.451Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68120"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/CHG4qfcicBU/m/4tanFUymDQAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4249"
        }
      ],
      "title": "Unexpected untrusted code execution in github.com/golang/vscode-go"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68120",
    "datePublished": "2025-12-29T23:46:52.451Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2025-12-29T23:46:52.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}