60 matches found

OSV
added 2023/04/06 4:15 p.m. · 30 views

CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 9.8 · AI score 9.6
Exploits 0 · References 6

NVD
added 2023/04/06 4:15 p.m. · 22 views

CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 9.8 · AI score 9.6 · EPSS 0.00759
Exploits 0 · References 6

OSV
added 2023/04/06 4:15 p.m. · 22 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 8

Prion
added 2023/04/06 4:15 p.m. · 28 views

Design/Logic Flaw

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 5 · AI score 8.3 · EPSS 0.00071
Exploits 0 · References 8 · Affected Software 1

UbuntuCve
added 2023/04/06 4:15 p.m. · 43 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00071
Exploits 0 · References 7

UbuntuCve
added 2023/04/06 4:15 p.m. · 62 views

CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 9.8 · AI score 6.9 · EPSS 0.00759
Exploits 0 · References 9

Prion
added 2023/04/06 4:15 p.m. · 35 views

Design/Logic Flaw

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 7.5 · AI score 9.4 · EPSS 0.00759
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2023/04/06 3:50 p.m. · 28 views

CVE-2023-24538 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

AI score 9.7 · EPSS 0.00759
Exploits 0 · References 5

Debian CVE
added 2023/04/06 3:50 p.m. · 44 views

CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 9.8 · AI score 6.8 · EPSS 0.00759
Exploits 0

Cvelist
added 2023/04/06 3:50 p.m. · 24 views

CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

AI score 8.8 · EPSS 0.00071
Exploits 0 · References 8

Debian CVE
added 2023/04/06 3:50 p.m. · 40 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00071
Exploits 0

CVE
added 2023/04/06 3:50 p.m. · 678 views

CVE-2023-24536

CVE-2023-24536 affects Go’s mime/multipart and related net/http form parsing. The issue stems from memory accounting and allocations when processing multipart forms, enabling potential denial of service through high CPU/memory usage. The fix improves memory estimation in ReadForm and enforces lim...

CVSS 7.5 · AI score 8.8 · EPSS 0.00071
Exploits 0 · References 8 · Affected Software 1

OSV
added 2023/04/05 9:5 p.m. · 86 views

GO-2023-1703 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 9.8 · AI score 8.8 · EPSS 0.00759
Exploits 0 · References 3

Snyk
added 2023/04/05 9:4 p.m. · 1 views

Allocation of Resources Without Limits or Throttling

Overview: std/mime/multipart is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Multipart form parsing can consume large amounts of CPU and memory when processing for...

CVSS 8.7 · AI score 6.8 · EPSS 0.00071
Exploits 0 · References 3

Positive Technologies
added 2023/04/04 12:0 a.m. · 5 views

PT-2023-9029 · Golang +10

Name of the Vulnerable Software and Affected Versions: Golang (affected versions not specified). Description: The issue is related to the consumption of large amounts of CPU and memory when processing form inputs containing a large number of parts. This can be caused by several factors, including th...

CVSS 9.8 · AI score 6.5 · EPSS 0.944
Exploits 23 · References 302

OSV
added 2023/02/28 6:15 p.m. · 1 views

DEBIAN-CVE-2022-41725

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

CVSS 7.5 · AI score 6.7 · EPSS 0.00065
Exploits 0 · References 1

OSV
added 2023/02/28 6:15 p.m. · 2 views

AZL-78992 CVE-2022-41725 affecting package golang 1.25.7-1

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

CVSS 7.5 · AI score 6.5 · EPSS 0.00065
Exploits 0 · References 1

Prion
added 2023/02/28 6:15 p.m. · 27 views

Design/Logic Flaw

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

CVSS 5 · AI score 8.3 · EPSS 0.00065
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/02/21 8:44 p.m. · 36 views

GO-2023-1569 Excessive resource consumption in mime/multipart

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

CVSS 7.5 · AI score 8.5 · EPSS 0.00065
Exploits 0 · References 3

RedhatCVE
added 2022/05/07 2:12 p.m. · 47 views

CVE-2021-44716

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

CVSS 7.5 · AI score 3 · EPSS 0.00088
Exploits 0 · References 4