Medium: golang

🗓️ 09 Jan 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 1 Views

Go net/http chunked encoding may leak data; Windows path prefix fixes in path/filepath.

Reporter	Title	Published	Views	Family All 1269
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus	4 Feb 202518:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in go and opm affect IBM Robotic Process Automation.	16 Jul 202413:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)	21 Jun 202415:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	5 Jun 202420:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak	4 Feb 202520:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote attack due to golang compiler ( CVE-2023-39326 )	11 Apr 202421:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283)	21 Jun 202415:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go	1 Jul 202405:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).	25 Apr 202405:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to directory traversal due to golang compiler ( CVE-2023-45283,CVE-2023-45284, CVE-2023-45285 )	11 Apr 202421:37	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	golang	1.20.12-1.amzn2.0.1	golang-1.20.12-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	golang	1.20.12-1.amzn2.0.1	golang-1.20.12-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	golang-bin	1.20.12-1.amzn2.0.1	golang-bin-1.20.12-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	golang-bin	1.20.12-1.amzn2.0.1	golang-bin-1.20.12-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	any	golang-docs	1.20.12-1.amzn2.0.1	golang-docs-1.20.12-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	golang-misc	1.20.12-1.amzn2.0.1	golang-misc-1.20.12-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	aarch64	golang-shared	1.20.12-1.amzn2.0.1	golang-shared-1.20.12-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	golang-shared	1.20.12-1.amzn2.0.1	golang-shared-1.20.12-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	any	golang-src	1.20.12-1.amzn2.0.1	golang-src-1.20.12-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	golang-tests	1.20.12-1.amzn2.0.1	golang-tests-1.20.12-1.amzn2.0.1.noarch.rpm

09 Jan 2024 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.15.3 - 7.5

EPSS0.00318

SSVC

http chunked encoding excess data read windows path prefix root local device path filepath fixes reserved names spaces superscripts