Go@1.7 Security Vulnerabilities and Issues — Go@1.7 CVE List

Lucene search

GolangGo1.7

3 matches found

CVE•added 2016/07/19 2:0 a.m.•115 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI appl...

8.1CVSS7.7AI score0.87615EPSS

CVE•added 2017/10/05 1:29 a.m.•72 views

CVE-2017-1000098

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.

7.5CVSS7.2AI score0.00434EPSS

CVE•added 2017/10/05 1:29 a.m.•49 views

CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

7.5CVSS7.4AI score0.00189EPSS