AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...
CVE-2025-61729 affecting package msft-golang for versions less than 1.24.11-1
CVE-2025-61729 affecting package msft-golang for versions less than 1.24.11-1. A patched version of the package is available...
AZL-69164 CVE-2025-61724 affecting package msft-golang 1.24.13-1
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
AZL-63866 CVE-2025-4673 affecting package msft-golang for versions less than 1.24.1-3
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
AZL-40428 CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive...
AZL-26625 CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...