github.com/pandatix/go-cvss is vulnerable to denial of service (DoS) attacks. A remote attacker can cause a system panic when a full CVSS v2.0 vector string is parsed by the ParseVector function, which leads to an out-of-bounds read that causes the system to hang.
CPE

Name | Operator | Version |
---|---|---|
github.com/pandatix/go-cvss | le | v0.3.0 |
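
A dependency check for the affected range listed above, added here as an example and not taken from the advisory or the go-cvss project: it scans go.mod text for github.com/pandatix/go-cvss required at v0.3.0 or lower. The function names and the sample go.mod are constructed for illustration; replace directives and modules not listed in the file are not evaluated.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and upper bound ("le v0.3.0") come from the advisory table.
const affectedModule = "github.com/pandatix/go-cvss"

// inRange reports whether v (vMAJOR.MINOR.PATCH, suffix ignored) is <= v0.3.0.
func inRange(v string) bool {
	var major, minor, patch int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch); err != nil {
		return false // unparseable version: not matched
	}
	return major == 0 && (minor < 3 || (minor == 3 && patch == 0))
}

// affectedVersion returns the affected version required in go.mod text, or "".
func affectedVersion(goMod string) string {
	inRequire := false
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inRequire = true
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) == 3 && f[0] == "require":
			f = f[1:] // single-line require directive
		case !inRequire:
			f = nil // line belongs to another directive (exclude, replace, ...)
		}
		if len(f) == 2 && f[0] == affectedModule && inRange(f[1]) {
			return f[1]
		}
	}
	return ""
}

func main() { // the go.mod content below is constructed for illustration
	mod := "module example.com/app\n\nrequire (\n\tgithub.com/pandatix/go-cvss v0.2.1 // indirect\n)\n"
	fmt.Println("affected version required:", affectedVersion(mod))
}
```

Pseudo-versions are compared by their leading MAJOR.MINOR.PATCH only, so a result of "" for such a pin should be confirmed against the actual commit.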