Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. https://nvd.nist.gov/vuln/detail/CVE-2020-28366