CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Vulnerability in archive-zip package of Golang programming language is related to incorrect processing of zip files.
zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file
Vulnerability of net/http and net/http2 libraries of Go programming language (in part of protocol implementation) is related to uncontrolled processing of HTTP/2 protocol.
HTTP/2) is related to uncontrolled resource consumption due to incorrect header termination detection during CONT/2 frame processing.
header when processing CONTINUATION frames. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service
A vulnerability in the net-netip component of the Golang programming language is related to incorrect operation of the Is methods
(IsPrivate, IsLoopback, etc.) methods. Exploitation of the vulnerability may allow an intruder to bypass the existing
access restriction policy
Vulnerability of net-netip component of Golang programming language is related to incorrect handling of cases,
when the server responds to a request with an “Expect: 100-continue” header with a non-informational status.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service