5 matches found
Malicious code in package-level-3 (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41399 Malicious code in package-level-3 (npm)
The package communicates with a domain associated with malicious activity...
GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement
Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively...
SUSE CVE-2023-45286
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...
CVE-2023-45286
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...