Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang http2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-23773
cmd/go in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
4 Github repositories
7.5
CVSSv3
CVE-2022-23772
Rat.SetString in math/big in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
5 Github repositories
7.5
CVSSv3
CVE-2021-39293
In archive/zip in Go prior to 1.16.8 and 1.17.x prior to 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
Golang Go
Netapp Cloud Insights Telegraf -
7.5
CVSSv3
CVE-2021-44716
net/http in Go prior to 1.16.12 and 1.17.x prior to 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Golang Go
Debian Debian Linux 9.0
Netapp Cloud Insights Telegraf -
7.5
CVSSv3
CVE-2021-41771
ImportedSymbols in debug/macho (for Open or OpenFat) in Go prior to 1.16.10 and 1.17.x prior to 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2021-41772
Go prior to 1.16.10 and 1.17.x prior to 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Timesten In-memory Database -
7.5
CVSSv3
CVE-2021-33196
In archive/zip in Go prior to 1.15.13 and 1.16.x prior to 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
Golang Go
Debian Debian Linux 9.0
7.3
CVSSv3
CVE-2023-24539
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if exe...
Golang Go
1 Github repository
7.3
CVSSv3
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Golang Go
1 Github repository
6.5
CVSSv3
CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Golang Go
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »