Gopls Listening on 0.0.0.0 Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability in the Go language server, gopls, allows for remote code execution. By default, gopls communicates through a pipe, but the -port and -listen flags can be used for debugging. If -listen is set to a value without an explicit host, or if -port is used, gopls will bind to 0.0.0.0, meaning it accepts connections on every network interface of the machine. This unintended exposure can enable a malicious actor on the same network to execute arbitrary code via gopls.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, start gopls with the -listen flag set to a value without an explicit host, or use the -port flag. This will cause gopls to listen on 0.0.0.0, exposing it to the network. A malicious party on the same network can then execute arbitrary code via the exposed gopls instance.
Remediation
Users can avoid this vulnerability by not using the -port or -listen flags, or by specifying an explicit host when using the -listen flag.
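A pre-flight check for the condition described above, as an added example that is not part of the advisory or of gopls itself: it inspects a gopls argument vector and flags any use of -port, or a -listen value whose host is empty or an unspecified address. The function names and sample command lines are constructed for illustration, and treating an explicit 0.0.0.0 or :: host as exposed goes slightly beyond the advisory's wording.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// listenBindsAll reports whether a -listen value binds every interface:
// the host part is empty (":37374") or an unspecified IP ("0.0.0.0", "::").
func listenBindsAll(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false // not a TCP host:port value; out of scope for this check
	}
	ip := net.ParseIP(host)
	return host == "" || (ip != nil && ip.IsUnspecified())
}

// auditGoplsArgs (hypothetical helper) returns a finding for a gopls argument
// vector, or "" when neither flag exposes the server on all interfaces.
func auditGoplsArgs(args []string) string {
	for i, a := range args {
		if !strings.HasPrefix(a, "-") {
			continue
		}
		// Go's flag package accepts -flag=value and -flag value, with one or two dashes.
		name, val, hasVal := strings.Cut(strings.TrimLeft(a, "-"), "=")
		if !hasVal && i+1 < len(args) {
			val = args[i+1]
		}
		switch name {
		case "port":
			return "-port " + val + ": listens on 0.0.0.0"
		case "listen":
			if listenBindsAll(val) {
				return "-listen " + val + ": no explicit host, listens on all interfaces"
			}
		}
	}
	return ""
}

func main() {
	// Constructed sample command lines, not taken from the advisory.
	for _, c := range []string{"gopls -listen=:37374", "gopls -port 37374", "gopls -listen=localhost:37374"} {
		fmt.Printf("%-30s %q\n", c, auditGoplsArgs(strings.Fields(c)))
	}
}
```

The same check can be run over editor configuration or wrapper scripts that launch gopls, so an exposed debug listener is caught before the process starts.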
