Go@* Security Vulnerabilities and Issues — Go@* CVE List

Lucene search

GolangGo*

4 matches found

CVE•added 2019/08/13 9:15 p.m.•342 views

CVE-2019-14809

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an a...

9.8CVSS8.2AI score0.02582EPSS

In wild

CVE•added 2019/09/30 7:15 p.m.•245 views

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

7.5CVSS7.5AI score0.09219EPSS

CVE•added 2019/01/24 5:29 a.m.•176 views

CVE-2019-6486

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

8.2CVSS7.9AI score0.02753EPSS

CVE•added 2019/03/08 3:29 p.m.•59 views

CVE-2019-9634

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

7.8CVSS7.8AI score0.00563EPSS