Veracode
added 2023/11/22 5:37 a.m.

Denial Of Service (DoS)

github.com/go-jose/go-jose is vulnerable to a Billion Hashes Attack. The vulnerability is due to the decryptKey function in symmetric.go, which only checks that the value of p2c is a positive integer but lacks a maximum size check. This allows an attacker to provide a PBES2 encrypted JWE blob wit...

AI score 7
Exploits: 0
OSV
added 2023/11/09 6:00 p.m.

GO-2022-0326 Improper certificate validation in github.com/sigstore/cosign

Cosign can be manipulated to claim that an entry for a signature in the OCI registry exists in the Rekor transparency log even if it does not. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and...

CVSS 3.3 | AI score 3.4 | EPSS 0.00156
Exploits: 0 | References: 2
Veracode
added 2023/11/08 6:51 a.m.

Denial Of Service

github.com/sigstore/cosign is vulnerable to Denial Of Service (DoS). The vulnerability arises from a lack of validation of the "l" slice in the FetchAttestations method. An attacker who controls a remote registry can return a huge number of attestations to cosign and cause cosign to enter an endle...

CVSS 5.3 | AI score 7 | EPSS 0.0064
Exploits: 1 | References: 2 | Affected Software: 2
Veracode
added 2023/11/06 10:45 a.m.

Privilege Escalation

github.com/kubernetes-csi/csi-proxy is vulnerable to Privilege Escalation. The vulnerability is caused by insufficient input sanitization while constructing different commands from the input string passed to different functions implemented in pkg/os/volume/api.go and pkg/os/volume/api.go. A user...

CVSS 8.8 | AI score 7.4 | EPSS 0.02864
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2023/10/30 9:15 a.m.

SQL Injection

github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because custom SQL statements are not properly handled, which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 | AI score 8.1 | EPSS 0.00929
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2023/10/27 6:41 a.m.

Improper Access Control

github.com/kubernetes/ingress-nginx is vulnerable to Improper Access Control. The vulnerability exists because the library does not adequately validate path types. Consequently, an attacker with the ability to create or update ingress objects can utilize directives to evade the sanitization of th...

CVSS 8.8 | AI score 7 | EPSS 0.01567
Exploits: 0 | References: 6 | Affected Software: 1
Veracode
added 2023/10/25 9:59 a.m.

Remote Code Execution (RCE)

github.com/jumpserver/kokoi is vulnerable to Remote Code Execution. This vulnerability exists due to unsanitized MongoDB sessions, allowing an attacker to inject and execute arbitrary code on the system and gain root privileges...

CVSS 9.9 | AI score 8.4 | EPSS 0.01716
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2023/10/24 4:57 p.m.

GO-2023-2116 CSRF token validation vulnerability in github.com/gofiber/fiber/v2

A cross-site request forgery vulnerability can allow an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is...

CVSS 8.8 | AI score 8.5 | EPSS 0.00265
Exploits: 0 | References: 3
OSV
added 2023/10/24 4:57 p.m.

GO-2023-2115 CSRF token reuse vulnerability in github.com/gofiber/fiber/v2

A cross-site request forgery vulnerability in this package can allow an attacker to inject arbitrary values and forge malicious requests on behalf of a user. The attacker may inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated use...

CVSS 10 | AI score 9.2 | EPSS 0.00313
Exploits: 0 | References: 3
OSV
added 2023/10/24 4:45 p.m.

GO-2023-2114 Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the IdP context durin...

CVSS 7.1 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 2
Veracode
added 2023/10/23 11:37 a.m.

Credential Hijacking

github.com/artifacthub/hub is vulnerable to Credential Hijacking. The vulnerability exists in the registryIsDockerHub function in oci.go because it does not properly check the Docker Hub registry domain, which allows an attacker to deploy a fake OCI registry on a domain ending with docker.io,...

CVSS 6.3 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2023/10/18 6:45 a.m.

Cross-Site Request Forgery (CSRF)

github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. An attacker is able to trick a user into performing unauthorized actions on the application, such as changing their...

CVSS 8.8 | AI score 6.9 | EPSS 0.00265
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2023/10/16 6:13 p.m.

CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml

github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the...

CVSS 7.1 | AI score 6.2 | EPSS 0.00434
Exploits: 0 | References: 2
Veracode
added 2023/10/12 5:25 a.m.

Arbitrary Code Execution

github.com/golang/go is vulnerable to Arbitrary Code Execution. The vulnerability exists in the isCgoGeneratedFile function at noder.go due to line directives allowing blocked linker and compiler flags to be passed during compilation, which can result in arbitrary code execution when running go...

CVSS 8.1 | AI score 7.9 | EPSS 0.01747
Exploits: 0 | References: 13 | Affected Software: 2
Veracode
added 2023/10/03 7:01 a.m.

Cross-Site Scripting (XSS)

github.com/golang/go is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of "" comment tokens, hashbang "!" comment tokens, in...

CVSS 6.1 | AI score 6.4 | EPSS 0.00808
Exploits: 0 | References: 10 | Affected Software: 1
NVD
added 2023/09/22 5:15 p.m.

CVE-2023-42821

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds to commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with a parser that uses...

CVSS 7.5 | AI score 7.3 | EPSS 0.01042
Exploits: 1 | References: 3
Vulnrichment
added 2023/09/22 4:55 p.m.

CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds to commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with a parser that uses...

CVSS 7.5 | AI score 6.5 | EPSS 0.01042
Exploits: 1 | References: 3
Veracode
added 2023/09/05 2:47 p.m.

Privilege Escalation

github.com/usememos/memos is vulnerable to Privilege Escalation. The vulnerability exists in the JWTMiddleware function in jwt.go due to improper handling of admin privileges, which allows an attacker to view a high-privilege user's Admin PRIVATE POST...

CVSS 8.8 | AI score 6.8 | EPSS 0.00701
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/08/25 8:35 p.m.

CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a Golang ModSecurity-compatible web application firewall library. Due to the misuse of log.Fatalf, an application using Coraza crashes after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

CVSS 7.5 | AI score 6.6 | EPSS 0.00605
Exploits: 0 | References: 2
Veracode
added 2023/08/21 6:26 a.m.

Weak Encryption

github.com/cheqd/cheqd-node is vulnerable to weak encryption. The vulnerability exists in package-lock.json because it does not properly validate the inter-blockchain communication protocol...

AI score 6.8
Exploits: 0