Lucene search
K

13 matches found

OSV
OSV
added 2024/06/05 4:15 p.m.4 views

AZL-42386 CVE-2024-24790 affecting package msft-golang for versions less than 1.21.6-1

The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS6.9AI score0.01952EPSS
Exploits0References1
OSV
OSV
added 2023/12/06 5:15 p.m.8 views

AZL-32101 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

7.5CVSS6.8AI score0.01137EPSS
Exploits0References1
OSV
OSV
added 2023/10/14 2:15 a.m.8 views

AZL-44127 CVE-2023-45853 affecting package blosc for versions less than 1.21.6-1

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

9.8CVSS7.1AI score0.02918EPSS
Exploits0References1
OSV
OSV
added 2023/09/08 5:15 p.m.6 views

AZL-37403 CVE-2023-39319 affecting package golang for versions less than 1.21.6-1

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

6.1CVSS6.6AI score0.00798EPSS
Exploits0References1
OSV
OSV
added 2023/09/08 5:15 p.m.6 views

AZL-37386 CVE-2023-39318 affecting package golang for versions less than 1.21.6-1

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...

6.1CVSS6.6AI score0.00815EPSS
Exploits0References1
OSV
OSV
added 2023/06/08 9:15 p.m.7 views

AZL-37337 CVE-2023-29404 affecting package golang for versions less than 1.21.6-1

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8CVSS7.3AI score0.01837EPSS
Exploits0References1
OSV
OSV
added 2023/05/11 4:15 p.m.9 views

AZL-37517 CVE-2023-24540 affecting package golang for versions less than 1.21.6-1

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

9.8CVSS6.6AI score0.01548EPSS
Exploits0References1
OSV
OSV
added 2023/04/06 4:15 p.m.6 views

AZL-37484 CVE-2023-24534 affecting package golang for versions less than 1.21.6-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.6AI score0.01888EPSS
Exploits0References1
OSV
OSV
added 2023/04/06 4:15 p.m.9 views

AZL-37352 CVE-2023-24537 affecting package golang for versions less than 1.21.6-1

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5CVSS6.8AI score0.01412EPSS
Exploits0References1
OSV
OSV
added 2023/02/28 6:15 p.m.7 views

AZL-37481 CVE-2022-41723 affecting package golang for versions less than 1.21.6-1

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

7.5CVSS6.7AI score0.04561EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 3:15 p.m.6 views

AZL-37526 CVE-2022-2879 affecting package golang for versions less than 1.21.6-1

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.7AI score0.01544EPSS
Exploits0References1
OSV
OSV
added 2022/06/23 5:15 p.m.9 views

AZL-37490 CVE-2022-29526 affecting package golang for versions less than 1.21.6-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References1
OSV
OSV
added 2022/06/23 5:15 p.m.9 views

AZL-37365 CVE-2022-29526 affecting package golang for versions less than 1.21.6-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References1
Rows per page
Query Builder