4 matches found
Astra Linux – Vulnerability in Golang-1.19, Golang-1.23
The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2021-27918)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-27918 advisory. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2021-29923)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-29923 advisory. - Go before 1.17 does not properly consider extraneous zero characters at the beginning o...
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
...