110 matches found
Golang < 1.19.8 / 1.20.x < 1.20.3 Multiple Vulnerabilities
The version of Golang Go installed on the remote host is affected by multiple vulnerabilities, as follows: - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can...
Arbitrary Code Execution
github.com/golang/go is vulnerable to Arbitrary Code Execution. JavaScript templates do not consider backticks as string delimiters and do not escape them properly, which allows an attacker to bypass sanitization and execute arbitrary code on the system...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:1792-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1792-1 advisory. Update to 1.19.8 CVE-2023-24534: security: net/http, net/textproto: denial of service from...
AZL-25992 CVE-2023-24538 affecting package golang for versions less than 1.19.8-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
AZL-37296 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
AZL-78990 CVE-2023-24538 affecting package golang 1.25.7-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
AZL-37411 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
AZL-34751 CVE-2023-24538 affecting package golang for versions less than 1.19.8-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
DEBIAN-CVE-2023-24538
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2023-24538
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
UBUNTU-CVE-2023-24538
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2023-24538
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2023-24538 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2023-24538 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
GO-2023-1703 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
Cross-site Scripting (XSS)
Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as...
CVE-2023-24538
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system. Mitigation Mitigation...
Google Golang Code Injection Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
go -- multiple vulnerabilities
The Go project reports: go/parser: infinite loop in parsing. Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. html/template: backticks not treated as string delimiters. Templates di...
SUSE CVE-2010-2236
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network RHN Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...