Important: golang

🗓️ 26 Jul 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 3 Views

Golang vulnerabilities include HTML attribute injection, cgo exploitation, and setuid/setgid issues.

Reporter	Title	Published	Views	Family All 353
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023	26 Mar 202504:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator	28 Aug 202308:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.2 fixes multiple security vulnerabilities	6 Oct 202316:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Golang Go [CVE-2023-29402]	29 Sep 202320:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System	2 Jan 202411:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to privilege escalation due to [CVE-2023-29403]	27 Jul 202316:01	–	ibm
IBM Security Bulletins	Security Bulletin: Buffer overflow, uncontrolled recursion, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	29 Sep 202516:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539, X-Force 250518)	25 Sep 202317:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Injection in Golang (CVE-2023-29405)	1 Jul 202518:48	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Standard 11.1	15 Sep 202313:23	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	golang	1.20.5-1.amzn2023.0.2	golang-1.20.5-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	golang	1.20.5-1.amzn2023.0.2	golang-1.20.5-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	golang-bin	1.20.5-1.amzn2023.0.2	golang-bin-1.20.5-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	golang-bin	1.20.5-1.amzn2023.0.2	golang-bin-1.20.5-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	any	golang-docs	1.20.5-1.amzn2023.0.2	golang-docs-1.20.5-1.amzn2023.0.2.noarch.rpm
Amazon Linux	2	any	golang-misc	1.20.5-1.amzn2023.0.2	golang-misc-1.20.5-1.amzn2023.0.2.noarch.rpm
Amazon Linux	2	aarch64	golang-shared	1.20.5-1.amzn2023.0.2	golang-shared-1.20.5-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	golang-shared	1.20.5-1.amzn2023.0.2	golang-shared-1.20.5-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	any	golang-src	1.20.5-1.amzn2023.0.2	golang-src-1.20.5-1.amzn2023.0.2.noarch.rpm
Amazon Linux	2	any	golang-tests	1.20.5-1.amzn2023.0.2	golang-tests-1.20.5-1.amzn2023.0.2.noarch.rpm

26 Jul 2023 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.19.8

EPSS0.00329

SSVC

html attribute injection cgo exploitation setuid issues unexpected behavior arbitrary code execution