16 matches found
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...
Linux Distros Unpatched Vulnerability : CVE-2026-42503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit ho...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address which defaults to 0.0.0.0 when the -port argument is used or the -listen argument is used without specifying a host. An attacker can execute arbitrary code remotely by connecting to the exposed...
EUVD-2026-27872
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
DEBIAN-CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...
UBUNTU-CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...
CVE-2026-42503 Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503 Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
The CVE-2026-42503 issue affects gopls (golang.org/x/tools/gopls). When -listen (or -port) is used without an explicit host, gopls binds to 0.0.0.0, potentially allowing a malicious party on the same network to execute arbitrary code. This is described in the NVD entry and corroborated by multipl...
PT-2026-37661
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the listening address is bound to 0.0.0.0, allowing malicious parties on the same network to...
Malicious code in gopls (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70f8923e6ec83498d938e6e5328b9888a9c8b9fdb046fc744754dbe5a401f1f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3419 Malicious code in gopls (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70f8923e6ec83498d938e6e5328b9888a9c8b9fdb046fc744754dbe5a401f1f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...