Go@* Security Vulnerabilities and Issues — Go@* CVE List

Lucene search

GolangGo*

6 matches found

CVE•added 2019/08/13 9:15 p.m.•315 views

CVE-2019-14809

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an a...

9.8CVSS8.2AI score0.04735EPSS

CVE•added 2019/10/24 10:15 p.m.•251 views

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

7.5CVSS7.3AI score0.04061EPSS

CVE•added 2019/09/30 7:15 p.m.•237 views

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

7.5CVSS7.5AI score0.11631EPSS

CVE•added 2019/01/24 5:29 a.m.•174 views

CVE-2019-6486

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

8.2CVSS7.9AI score0.0108EPSS

CVE•added 2019/03/08 3:29 p.m.•58 views

CVE-2019-9634

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

7.8CVSS7.8AI score0.00563EPSS

CVE•added 2019/05/13 5:29 a.m.•50 views

CVE-2019-11888

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.

9.8CVSS9.1AI score0.00196EPSS