110 matches found

Tenable Nessus
added 2023/04/18 12:0 a.m. | 87 views

Golang < 1.19.8 / 1.20.x < 1.20.3 Multiple Vulnerabilities

The version of Golang Go installed on the remote host is affected by multiple vulnerabilities, as follows: - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 8
Veracode
added 2023/04/11 11:30 p.m. | 40 views

Arbitrary Code Execution

github.com/golang/go is vulnerable to Arbitrary Code Execution. JavaScript templates do not consider backticks as string delimiters and do not escape them properly, which allows an attacker to bypass sanitization and execute arbitrary code on the system...

9.8 CVSS | 9.5 AI score | 0.02281 EPSS
Exploits: 0 | References: 7 | Affected Software: 18
Tenable Nessus
added 2023/04/07 12:0 a.m. | 43 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:1792-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1792-1 advisory. Update to 1.19.8 CVE-2023-24534: security: net/http, net/textproto: denial of service from...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 14
OSV
added 2023/04/06 4:15 p.m. | 7 views

AZL-25992 CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
OSV
added 2023/04/06 4:15 p.m. | 7 views

AZL-37296 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 7.1 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
OSV
added 2023/04/06 4:15 p.m. | 6 views

AZL-78990 CVE-2023-24538 affecting package golang 1.25.7-1

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
OSV
added 2023/04/06 4:15 p.m. | 10 views

AZL-37411 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
OSV
added 2023/04/06 4:15 p.m. | 7 views

AZL-34751 CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
OSV
added 2023/04/06 4:15 p.m. | 2 views

DEBIAN-CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.7 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2023/04/06 4:15 p.m. | 64 views

CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.9 AI score | 0.02281 EPSS
Exploits: 0 | References: 9
OSV
added 2023/04/06 4:15 p.m. | 2 views

UBUNTU-CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.9 AI score | 0.02281 EPSS
Exploits: 0 | References: 10
Debian CVE
added 2023/04/06 3:50 p.m. | 45 views

CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 6.8 AI score | 0.02281 EPSS
Exploits: 0
Cvelist
added 2023/04/06 3:50 p.m. | 33 views

CVE-2023-24538 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.7 AI score | 0.02281 EPSS
Exploits: 0 | References: 5
Vulnrichment
added 2023/04/06 3:50 p.m. | 10 views

CVE-2023-24538 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.5 AI score | 0.02281 EPSS
Exploits: 0 | References: 5
OSV
added 2023/04/05 9:5 p.m. | 88 views

GO-2023-1703 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS | 8.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 3
Snyk
added 2023/04/05 9:5 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as...

9.8 CVSS | 5.5 AI score | 0.02281 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2023/04/04 8:43 p.m. | 45 views

CVE-2023-24538

A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system. Mitigation Mitigation...

9.8 CVSS | 9.7 AI score | 0.02281 EPSS
Exploits: 0 | References: 5
CNNVD
added 2023/04/04 12:0 a.m. | 4 views

Google Golang Code Injection Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...

9.8 CVSS | 6.9 AI score | 0.02281 EPSS
Exploits: 0 | References: 23
FreeBSD
added 2023/04/04 12:0 a.m. | 43 views

go -- multiple vulnerabilities

The Go project reports: go/parser: infinite loop in parsing Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. html/template: backticks not treated as string delimiters Templates di...

9.8 CVSS | 7.8 AI score | 0.02281 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 5:58 a.m. | 6 views

SUSE CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network RHN Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...

6 CVSS | 7.9 AI score | 0.0306 EPSS
Exploits: 1 | References: 4