Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.CreditsImre RadReferenceshttps://go.dev/cl/267277https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561https://go.dev/issue/42556https://groups.google.com/g/golang-announce/c/NpBGTTmKzpMhttps://pkg.go.dev/vuln/GO-2022-0476https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html
