Server-Side Request Forgery (SSRF)
github.com/hakobe/paranoidhttp is vulnerable to Server-Side Request Forgery. The vulnerability exists due to the ip.To4 parameter in the safeAddr function of client.go, as the library matches :: to the 127.0.0.1 address but lacks filtering of private addresses, which allows a remote attacker to...
Denial Of Service (DoS)
github.com/gambol99/go-marathon is vulnerable to denial-of-service (DoS) attacks. The vulnerability is possible due to a nil panic in the function 'NewClient' in client.go when accessing an empty debug log, allowing an attacker to cause an application crash...