Lucene search
K

4 matches found

OSV
OSV
added 2024/10/10 12:55 p.m.10 views

USN-7061-1 golang-1.17 vulnerabilities

Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. CVE-2023-24531 Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not...

9.8CVSS7.1AI score0.03796EPSS
Exploits0References12
OSV
OSV
added 2024/07/09 12:12 p.m.15 views

USN-6886-1 golang-1.21, golang-1.22 vulnerabilities

It was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

9.8CVSS7AI score0.91969EPSS
Exploits1References10
OSV
OSV
added 2024/03/22 11:7 a.m.3 views

OESA-2024-1306 golang security update

The Go Programming Language. Security Fixes: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com...

6.5CVSS7.4AI score0.01165EPSS
Exploits0References5
Snyk
Snyk
added 2024/03/05 10:15 p.m.3 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report:If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual...

7.5CVSS5.5AI score0.00795EPSS
Exploits0References3
Rows per page
Query Builder