6 matches found
PT-2026-26773
Name of the Vulnerable Software and Affected Versions goxmlsig versions prior to 1.6.0 goxmlsig versions prior to 1.22 when using older Go versions or go.mod versions Description The validateSignature function in validate.go has a loop variable capture issue in Go versions before 1.22, or when...
CVE-2025-66630
Fiber is a Go web framework. Before 2.52.11 and on Go
AZL-52845 CVE-2023-39323 affecting package golang for versions less than 1.20.10-1
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
AZL-37411 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2022-1962 Stack exhaustion due to deeply nested types in go/parser
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...
AZL-33629 CVE-2022-29526 affecting package prometheus for versions less than 2.37.0-1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...