Lucene search
K

6 matches found

OSV
OSV
added 2026/02/05 6:16 p.m.12 views

AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10CVSS6.7AI score0.00765EPSS
Exploits1References1
CBLMariner
CBLMariner
added 2025/12/06 12:31 a.m.11 views

CVE-2025-61729 affecting package msft-golang for versions less than 1.24.11-1

CVE-2025-61729 affecting package msft-golang for versions less than 1.24.11-1. A patched version of the package is available...

7.5CVSS7.3AI score0.00459EPSS
Exploits2
OSV
OSV
added 2025/10/29 11:16 p.m.9 views

AZL-69164 CVE-2025-61724 affecting package msft-golang 1.24.13-1

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3CVSS7.2AI score0.00526EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 5:15 p.m.7 views

AZL-63866 CVE-2025-4673 affecting package msft-golang for versions less than 1.24.1-3

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS6.8AI score0.0056EPSS
Exploits0References1
OSV
OSV
added 2024/05/08 4:15 p.m.9 views

AZL-40428 CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...

6.4CVSS7.6AI score0.0076EPSS
Exploits1References1
OSV
OSV
added 2023/05/11 4:15 p.m.10 views

AZL-26625 CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

7.3CVSS6.6AI score0.01037EPSS
Exploits0References1
Rows per page
Query Builder