734 matches found

OSV
added 2022/01/06 9:36 p.m. | 12 views

GHSA-JCXC-RH6W-WF49 Link Following in Iris

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVSS 7.5 | AI score 8.7 | EPSS 0.01822
Exploits: 1 | References: 6

Veracode
added 2021/12/27 9:33 a.m. | 17 views

Directory Traversal

github.com/kataras/iris is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations using UploadFormFiles method in context file due to improper parsing of file paths...

CVSS 8.8 | AI score 3.7 | EPSS 0.01822
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2021/12/24 12:15 p.m. | 12 views

Design/Logic Flaw

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVSS 6.8 | AI score 8.7 | EPSS 0.01822
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2021/12/24 12:5 p.m. | 17 views

CVE-2021-23772 Arbitrary File Write

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVSS 7.5 | AI score 8.9 | EPSS 0.01822
Exploits: 1 | References: 3

Veracode
added 2021/12/20 12:38 p.m. | 24 views

Denial Of Service (DoS)

github.com/hashicorp/vault is vulnerable to denial of service. The vulnerability exists input function of raft.go because the entry key size is never checked with the max key size which leads to an application crash...

CVSS 4.9 | AI score 3 | EPSS 0.01407
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
added 2021/10/05 7:7 a.m. | 38 views

Privilege Escalation

github.com/moby/moby is vulnerable to privilege escalation. Attempting to copy files to a malicious container using docker cp allows an attacker to change the permission for existing files in the host's system...

CVSS 6.3 | AI score 3.6 | EPSS 0.0027
Exploits: 0 | References: 7 | Affected Software: 7

RedhatCVE
added 2021/08/23 9:31 a.m. | 194 views

CVE-2021-3121

A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this...

CVSS 8.6 | AI score 5.4 | EPSS 0.03478
Exploits: 0 | References: 3

Veracode
added 2021/08/04 9:34 a.m. | 18 views

Directory Traversal

github.com/grafana/loki is vulnerable to directory traversal. An attacker is able to input malicious rules files with a pathname in the header value X-Scope-OrgID that will expose the location and contents at that location...

CVSS 5.3 | AI score 3.2 | EPSS 0.01449
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/07/28 6:8 p.m. | 26 views

GO-2021-0103 Denial of service in github.com/holiman/uint256

Due to improper bounds checking, certain mathematical operations can cause a panic via an out of bounds read. If this package is used to process untrusted user inputs, this may be used as a vector for a denial of service attack...

CVSS 7.5 | AI score 7.4 | EPSS 0.01462
Exploits: 0 | References: 2

OSV
added 2021/07/26 9:23 p.m. | 14 views

GHSA-XCF7-Q56X-78GH github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion

The package github.com/pires/go-proxyproto before 0.6.1 is vulnerable to Denial of Service DoS via creating connections without the proxy protocol header. While this issue was patched in 0.6.0, the fix introduced additional issues which were subsequently patched in 0.6.1...

CVSS 7.5 | AI score 7.4 | EPSS 0.01648
Exploits: 0 | References: 12

Github Security Blog
added 2021/07/26 9:23 p.m. | 63 views

github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion

The package github.com/pires/go-proxyproto before 0.6.1 is vulnerable to Denial of Service DoS via creating connections without the proxy protocol header. While this issue was patched in 0.6.0, the fix introduced additional issues which were subsequently patched in 0.6.1...

CVSS 7.5 | AI score 7.3 | EPSS 0.01648
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2021/07/21 7:15 a.m. | 13 views

CVE-2021-23409

The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service DoS via creating connections without the proxy protocol header...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 5

NVD
added 2021/07/21 7:15 a.m. | 10 views

CVE-2021-23409

The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service DoS via creating connections without the proxy protocol header...

CVSS 7.5 | EPSS 0.01648
Exploits: 0 | References: 5

Debian CVE
added 2021/07/21 6:45 a.m. | 12 views

CVE-2021-23409

The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service DoS via creating connections without the proxy protocol header...

CVSS 7.5 | AI score 7.4 | EPSS 0.01648
Exploits: 0

Cvelist
added 2021/07/21 6:45 a.m. | 15 views

CVE-2021-23409 Denial of Service (DoS)

The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service DoS via creating connections without the proxy protocol header...

CVSS 7.5 | AI score 7.7 | EPSS 0.01648
Exploits: 0 | References: 5

Veracode
added 2021/07/19 5:16 a.m. | 31 views

Privilege Escalation

github.com/hashicorp/consul is vulnerable to privilege escalation. The vulnerability exists due to a single L7 deny intention bypassing the default deny policy...

CVSS 7.5 | AI score 3.3 | EPSS 0.0174
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/06/23 5:29 p.m. | 26 views

GHSA-4HQ8-GMXX-H6W9 XML Processing error in github.com/crewjam/saml

Impact: There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator. Patches: In version 0.4.3, all XML input is validated prior to being parsed...

CVSS 9.8 | AI score 9.4 | EPSS 0.04618
Exploits: 1 | References: 11

Github Security Blog
added 2021/06/23 5:29 p.m. | 83 views

XML Processing error in github.com/crewjam/saml

Impact: There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator. Patches: In version 0.4.3, all XML input is validated prior to being parsed...

CVSS 10 | AI score 9 | EPSS 0.04618
Exploits: 1 | References: 11 | Affected Software: 1

NVD
added 2021/06/02 2:15 p.m. | 14 views

CVE-2021-3538

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...

CVSS 9.8 | EPSS 0.02307
Exploits: 0 | References: 3

OSV
added 2021/06/02 2:15 p.m. | 18 views

CVE-2021-3538

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...

CVSS 9.8 | AI score 6.5 | EPSS 0.02307
Exploits: 0 | References: 3