5 matches found
AZL-37329 CVE-2023-29402 affecting package golang for versions less than 1.21.6-1
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
AZL-47225 CVE-2023-29402 affecting package golang for versions less than 1.22.7-2
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
AZL-27122 CVE-2023-29402 affecting package msft-golang for versions less than 1.19.10-1
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
PT-2023-3109 · Go +11 · Go +11
Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue is related to incorrect code generation when handling directory names with newline characters in the Go programming language's Cgo module. This may result in unexpected behavior when...
Sandstorm Arbitrary File Read Vulnerability
Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, and more. A security vulnerability exists in versions prior to Sandstorm build 0.203, which stems from the failure of the 'findFilesToZip' function to filter newline n...