Lucene search

6 matches found

CVE
added 2021/08/08 6:15 a.m. (439 views)

CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVSS 5.9, AI score 6.6, EPSS 0.00212

CVE
added 2021/08/02 7:15 p.m. (413 views)

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

CVSS 7.5, AI score 7.6, EPSS 0.00029

CVE
added 2021/08/02 7:15 p.m. (405 views)

CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

CVSS 5.3, AI score 6.4, EPSS 0.00037

CVE
added 2021/08/02 7:15 p.m. (396 views)

CVE-2021-33196

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

CVSS 7.5, AI score 7.6, EPSS 0.00022

CVE
added 2021/08/07 5:15 p.m. (380 views)

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

CVSS 7.5, AI score 7.5, EPSS 0.00115

CVE
added 2021/08/02 7:15 p.m. (370 views)

CVE-2021-33198

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVSS 7.5, AI score 7.5, EPSS 0.00028