4 matches found
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1313)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
BIT-GOLANG-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
Code injection
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...