16 matches found
CVE-2023-45283
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?\. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path...
ROS-20240826-01
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20240402-17
A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...
BIT-GOLANG-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
Amazon Linux 2 : golang (ALAS-2024-2388)
The version of golang installed on the remote host is prior to 1.20.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2388 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-477)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-477 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP clie...
Fedora 38 : golang (2023-ace2655259)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ace2655259 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4472-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4472-1 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4470-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4470-1 advisory. - The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path...
CVE-2023-45283
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
CVE-2023-45283
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
Path traversal
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
CVE-2023-45283
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
CVE-2023-45283
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
GO-2023-2185 Insecure parsing of Windows paths with a \??\ prefix in path/filepath
The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...
PT-2023-7933 · Go +4 · Go +4
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.20.11 and 1.21.4 Go versions 1.20.11 and 1.21.4 Description: The filepath package does not recognize paths with a ?? prefix as special. On Windows, a path beginning with ?? is a Root Local Device path equivalent to a pa...