5 matches found
CVE-2023-49292 affecting package golang for versions less than 1.20.7-1
A patched version of the package is available...
AZL-27814 CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
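The following is an added example, not code from the Go project or from this advisory. It shows how a client that cannot yet move to a patched toolchain can apply the same 8192-bit ceiling itself: parse the peer chain, reject oversized RSA keys, and only then run the normal chain verification. The hook is installed via VerifyPeerCertificate with InsecureSkipVerify set, because that is the only way in crypto/tls to run code before the library's own signature checks; the hook re-does verification so nothing is actually skipped. The constant name, function names and the self-signed test certificate are all assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// maxRSABits restates the ceiling the advisory describes (8192 bits) as a
// constant for this example.
const maxRSABits = 8192

// checkRSAKeySizes parses the raw peer chain and rejects any certificate whose
// RSA public key is larger than maxBits. Parsing is cheap; it is signature
// verification over an oversized key that burns CPU, so this runs first.
func checkRSAKeySizes(rawCerts [][]byte, maxBits int) ([]*x509.Certificate, error) {
	certs := make([]*x509.Certificate, 0, len(rawCerts))
	for i, raw := range rawCerts {
		cert, err := x509.ParseCertificate(raw)
		if err != nil {
			return nil, fmt.Errorf("cert %d: %w", i, err)
		}
		if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok {
			if bits := pub.N.BitLen(); bits > maxBits {
				return nil, fmt.Errorf("cert %d: RSA key is %d bits, limit is %d", i, bits, maxBits)
			}
		}
		certs = append(certs, cert)
	}
	return certs, nil
}

// newClientConfig builds a client tls.Config whose VerifyPeerCertificate hook
// applies the key-size check and then performs ordinary chain verification
// against roots. InsecureSkipVerify only reorders the work; it does not skip it.
func newClientConfig(roots *x509.CertPool, serverName string, maxBits int) *tls.Config {
	return &tls.Config{
		ServerName:         serverName,
		InsecureSkipVerify: true,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			certs, err := checkRSAKeySizes(rawCerts, maxBits)
			if err != nil {
				return err
			}
			if len(certs) == 0 {
				return fmt.Errorf("peer sent no certificates")
			}
			opts := x509.VerifyOptions{Roots: roots, DNSName: serverName, Intermediates: x509.NewCertPool()}
			for _, c := range certs[1:] {
				opts.Intermediates.AddCert(c)
			}
			_, err = certs[0].Verify(opts)
			return err
		},
	}
}

// selfSignedRSA builds a throwaway self-signed certificate (constructed test
// data, not a real certificate) with an RSA key of the requested size.
func selfSignedRSA(bits int, name string) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// rootPoolFrom returns a pool trusting exactly the given DER certificate.
func rootPoolFrom(der []byte) (*x509.CertPool, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return pool, nil
}

func main() {
	der, err := selfSignedRSA(2048, "example.test")
	if err != nil {
		panic(err)
	}
	_, err = checkRSAKeySizes([][]byte{der}, maxRSABits)
	fmt.Println("2048-bit key against the 8192-bit limit:", err)
	_, err = checkRSAKeySizes([][]byte{der}, 1024)
	fmt.Println("2048-bit key against a 1024-bit limit:", err)
}
```

The same hook works on the server side for client certificates (set ClientAuth and install the function as VerifyPeerCertificate there). Once the toolchain is at 1.20.7 or later the hook is redundant, but it is also harmless, since it enforces the same bound the library does.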
AZL-28831 CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
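An added example (not code from the Go project or this advisory) that exercises the behaviour above against a local echo server: a Request.Host carrying CR/LF and a second header line is sent once as-is and once through an application-side validator. The validHost function is written for this example and is stricter than the check inside net/http; the server, probe type and header names are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// validHost reports whether h is safe to place in a Host header. It only
// admits the host/port alphabet, so CR, LF, other control bytes and spaces,
// which are exactly what a smuggled header line needs, are rejected. Written
// for this example; it is not the check net/http itself uses.
func validHost(h string) bool {
	if h == "" {
		return false
	}
	for i := 0; i < len(h); i++ {
		c := h[i]
		switch {
		case 'a' <= c && c <= 'z', 'A' <= c && c <= 'Z', '0' <= c && c <= '9':
		case c == '-', c == '.', c == ':', c == '[', c == ']':
		default:
			return false
		}
	}
	return true
}

// hostProbe is what the echo server reports back: the Host it parsed and
// whether a separate X-Injected header arrived.
type hostProbe struct {
	Seen     string
	Injected bool
}

// sendWithHost starts a local echo server, sends one GET with Request.Host set
// to host, and reports what the server observed. If the client refuses to send
// the request, err is non-nil and the probe is empty.
func sendWithHost(host string) (hostProbe, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Seen-Host", r.Host)
		if _, ok := r.Header["X-Injected"]; ok {
			w.Header().Set("X-Injected-Seen", "yes")
		}
	}))
	defer srv.Close()

	req, err := http.NewRequest(http.MethodGet, srv.URL+"/", nil)
	if err != nil {
		return hostProbe{}, err
	}
	req.Host = host // untrusted value under test
	resp, err := srv.Client().Do(req)
	if err != nil {
		return hostProbe{}, err
	}
	defer resp.Body.Close()
	return hostProbe{
		Seen:     resp.Header.Get("X-Seen-Host"),
		Injected: resp.Header.Get("X-Injected-Seen") == "yes",
	}, nil
}

// safeSendWithHost validates before the value ever reaches net/http, so the
// outcome does not depend on which toolchain the binary was built with.
func safeSendWithHost(host string) (hostProbe, error) {
	if !validHost(host) {
		return hostProbe{}, fmt.Errorf("refusing to send invalid Host value %q", host)
	}
	return sendWithHost(host)
}

func main() {
	for _, h := range []string{"example.test", "example.test\r\nX-Injected: 1"} {
		probe, err := sendWithHost(h)
		fmt.Printf("Host %q -> seen %q injected=%v err=%v\n", h, probe.Seen, probe.Injected, err)
	}
}
```

With a patched client the crafted value never goes on the wire as-is, so Injected stays false whether or not Do also returns an error; on a client older than 1.20.6 the second header line reaches the server and Injected is true. The validator is the part to keep in application code, since it fails closed on every toolchain.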
AZL-52668 CVE-2023-24539 affecting package golang for versions less than 1.20.7-1
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...
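An added example, not code from the Go project or this advisory, showing the shape the advisory describes: two actions in an unquoted CSS value with the '/' coming from the template text. On a patched toolchain html/template replaces any value containing an angle bracket with its ZgotmplZ failsafe; the allowlist helper alongside it is the defence that does not depend on the toolchain. The template, the struct, the regular expression and all function names are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"regexp"
)

// pageTmpl places two actions in an unquoted CSS value separated by a '/'
// that belongs to the template, not the data. Constructed for this example.
const pageTmpl = `<style>.box { aspect-ratio: {{.W}}/{{.H}} }</style>`

type ratio struct{ W, H any }

// renderRatio executes pageTmpl with untrusted W and H and returns the HTML.
// In this context html/template applies its CSS value filter to each action.
func renderRatio(w, h any) (string, error) {
	t, err := template.New("page").Parse(pageTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, ratio{W: w, H: h}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

var cssNumberRe = regexp.MustCompile(`^[0-9]+(\.[0-9]+)?$`)

// safeCSSNumber is an allowlist for the one value shape this template needs.
// It returns template.CSS, which html/template passes through unfiltered, so
// the allowlist is the only thing between the input and the page; never wrap
// a value in template.CSS without a check like this in front of it.
func safeCSSNumber(v string) (template.CSS, bool) {
	if !cssNumberRe.MatchString(v) {
		return "", false
	}
	return template.CSS(v), true
}

// renderRatioChecked rejects anything that is not a plain number before the
// template ever sees it, which holds on patched and unpatched toolchains alike.
func renderRatioChecked(w, h string) (string, error) {
	cw, okW := safeCSSNumber(w)
	ch, okH := safeCSSNumber(h)
	if !okW || !okH {
		return "", fmt.Errorf("aspect-ratio parts must be plain numbers, got %q and %q", w, h)
	}
	return renderRatio(cw, ch)
}

func main() {
	out, _ := renderRatio("16", "9")
	fmt.Println(out)
	out, _ = renderRatio("<", "style><b>x") // angle brackets in a CSS value
	fmt.Println(out)
	_, err := renderRatioChecked("<", "style><b>x")
	fmt.Println("allowlist:", err)
}
```

On Go 1.20.4 and later the second render prints ZgotmplZ for both parts; on an older toolchain the same values would be emitted unchanged into the style element, which is the condition the advisory describes. The allowlist returns an error in both cases.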
AZL-52676 CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
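An added example, not code from the Go project or this advisory, for code that parses untrusted Go source on a toolchain that may predate the fix: a textual pre-scan that rejects //line and /*line directives with out-of-range line or column numbers before the source reaches go/parser. The scan deliberately avoids go/scanner, since that is the component that looped. The cap of 1<<30 is an assumption made for this example (it is the bound I recall the patched scanner applying; the point of the guard holds for any sane bound), and the sample sources are constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// maxLineCol is the cap this guard applies to line and column numbers in line
// directives. Assumed for this example; any bound well below int overflow works.
const maxLineCol = 1 << 30

// trailingNumber splits "text:N" at the last ':' (filenames may contain ':')
// and parses N. A number too large for uint64 is reported as MaxUint64 so the
// caller rejects it rather than silently ignoring it.
func trailingNumber(text string) (rest string, n uint64, ok bool) {
	i := strings.LastIndexByte(text, ':')
	if i < 0 {
		return text, 0, false
	}
	n, err := strconv.ParseUint(strings.TrimSpace(text[i+1:]), 10, 64)
	if err != nil {
		if errors.Is(err, strconv.ErrRange) {
			return text[:i], ^uint64(0), true
		}
		return text, 0, false
	}
	return text[:i], n, true
}

// checkLineDirectives scans src line by line and returns an error for any
// //line (at column 1, as go/scanner requires) or /*line directive whose line
// or column number is 0 or above maxLineCol. Text go/scanner would not treat
// as a directive (no trailing number, indented //line) is passed through.
func checkLineDirectives(src string) error {
	sc := bufio.NewScanner(strings.NewReader(src))
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20)
	for ln := 1; sc.Scan(); ln++ {
		text := sc.Text()
		var arg string
		switch {
		case strings.HasPrefix(text, "//line "):
			arg = text[len("//line "):]
		case strings.Contains(text, "/*line "):
			arg = text[strings.Index(text, "/*line ")+len("/*line "):]
			if end := strings.Index(arg, "*/"); end >= 0 {
				arg = arg[:end]
			}
		default:
			continue
		}
		rest, n, ok := trailingNumber(arg)
		if !ok {
			continue
		}
		if n == 0 || n > maxLineCol {
			return fmt.Errorf("source line %d: line directive number %d out of range", ln, n)
		}
		// filename:line:col form: the number before the last one is the line.
		if _, m, ok := trailingNumber(rest); ok && (m == 0 || m > maxLineCol) {
			return fmt.Errorf("source line %d: line directive number %d out of range", ln, m)
		}
	}
	return sc.Err()
}

// parseUntrusted runs the guard before handing src to go/parser and returns
// the number of top-level declarations.
func parseUntrusted(filename, src string) (int, error) {
	if err := checkLineDirectives(src); err != nil {
		return 0, err
	}
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return 0, err
	}
	return len(f.Decls), nil
}

// Constructed inputs: an ordinary generated file, one with an oversized line
// number, and one with an oversized column number.
const (
	benignSrc = "//line gen.go:42\npackage demo\n\nfunc F() int { return 1 }\n"
	hugeSrc   = "//line gen.go:9223372036854775807\npackage demo\n\nfunc F() int { return 1 }\n"
	hugeCol   = "package demo\n\n/*line gen.go:7:4000000000*/func F() int { return 1 }\n"
)

func main() {
	for _, c := range []struct{ name, src string }{{"benign", benignSrc}, {"huge line", hugeSrc}, {"huge column", hugeCol}} {
		n, err := parseUntrusted("gen.go", c.src)
		fmt.Printf("%-12s decls=%d err=%v\n", c.name, n, err)
	}
}
```

A multi-line /*line ... */ comment is not handled by this per-line scan; if such input is possible, reject block comments that open with "/*line" and do not close on the same line.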