57 matches found
AZL-42386 CVE-2024-24790 affecting package msft-golang for versions less than 1.21.6-1
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
AZL-37504 CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
AZL-37462 CVE-2023-45289 affecting package golang for versions less than 1.21.6-1
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41722 affecting package golang for versions less than 1.21.6-1
CVE-2022-41722 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41723 affecting package golang for versions less than 1.21.6-1
CVE-2022-41723 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39323 affecting package golang for versions less than 1.21.6-1
CVE-2023-39323 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-2880 affecting package golang for versions less than 1.21.6-1
CVE-2022-2880 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2024-24785 affecting package golang for versions less than 1.21.6-1
CVE-2024-24785 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
CVE-2023-24538 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-29409 affecting package golang for versions less than 1.21.6-1
CVE-2023-29409 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41715 affecting package golang for versions less than 1.21.6-1
CVE-2022-41715 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39319 affecting package golang for versions less than 1.21.6-1
CVE-2023-39319 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39318 affecting package golang for versions less than 1.21.6-1
CVE-2023-39318 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...