25 matches found
AZL-37462 CVE-2023-45289 affecting package golang for versions less than 1.21.6-1
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...
AZL-37504 CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
CVE-2024-24785 affecting package golang for versions less than 1.21.6-1
CVE-2024-24785 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41722 affecting package golang for versions less than 1.21.6-1
CVE-2022-41722 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-2880 affecting package golang for versions less than 1.21.6-1
CVE-2022-2880 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-29526 affecting package golang for versions less than 1.21.6-1
CVE-2022-29526 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41715 affecting package golang for versions less than 1.21.6-1
CVE-2022-41715 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
CVE-2023-24538 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41723 affecting package golang for versions less than 1.21.6-1
CVE-2022-41723 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
AZL-37438 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
AZL-37343 CVE-2023-49292 affecting package golang for versions less than 1.21.6-1
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...