Denial Of Service (DoS)
github.com/golang/go is vulnerable to denial of service. An infinite loop occurs when using xml.NewTokenDecoder with a custom TokenReader...
Denial Of Service (DoS)
github.com/pires/go-proxyproto is vulnerable to denial of service DoS. The vulnerability exists as the function parseVersion1 does not restrict parsing of data until it finds a newline or the target stops acknowledging, allowing an attacker to send a malicious proxy protocol V1 header to cause a memor...
CVE-2021-23351
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
Design/Logic Flaw
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
CVE-2021-23351 Denial of Service (DoS)
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
CVE-2021-23351
CVE-2021-23351 affects github.com/pires/go-proxyproto prior to 0.5.0. The DoS arises from parseVersion1() where a default bufio.Reader over a net.Conn reads until a newline with no input size limit, allowing a deliberately malformed V1 header to exhaust memory on a server processing proxy protoco...
CVE-2020-28466
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
Server-Side Request Forgery (SSRF)
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...
CVE-2021-23345
CVE-2021-23345 affects the Go package github.com/thecodingmachine/gotenberg (and related Chromium module) with a Server-Side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute references an internal file (e.g., ). Connected sources confirm this SSRF behavior and provide ...
Arbitrary Code Execution
github.com/aeraki-framework/aeraki is vulnerable to arbitrary code execution. Workflows triggered on pull_request_target have read/write tokens for the base repository and access to secrets. By explicitly checking out and running the build script from a fork, the untrusted code is running in an...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The server discloses internal IP addresses when responding to certain invalid and unauthenticated HTTP requests...
Design/Logic Flaw
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...
Directory Traversal
github.com/thecodingmachine/gotenberg is vulnerable to directory traversal. An attacker is able to exploit the vulnerability to read arbitrary container files...
Denial Of Service (DoS)
github.com/tidwall/match is vulnerable to denial of service DoS. The vulnerability exists through the parsing of the pattern of repeated in deepMatch...
Denial Of Service (DoS)
github.com/golang/text is vulnerable to Denial Of Service DoS. A buffer overflow vulnerability in language.ParseAcceptLanguage allows an attacker to crash the application as the resize Range is indexed in an insecure manner...
Denial Of Service (DoS)
github.com/dhowden/tag is vulnerable to denial of service. An out-of-bound vulnerability in readTextWithDescrFrame function allows an attacker to crash the application...
Denial Of Service (DoS)
github.com/dhowden/tag is vulnerable to denial of service. An out-of-bound vulnerability in readAtomData function allows an attacker to crash the application...