Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an malicious user to cause a panic due to stack exhaustion via deeply nested types or declarations.
Golang Go
NA
CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Golang Go
1 Github repository
5.1
CVSSv2
CVE-2020-28367
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
Golang Go
NA
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are remo...
Golang Go 1.19.0
2 Github repositories
7.5
CVSSv2
CVE-2012-2666
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
Golang Go 1.0.2
5
CVSSv2
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Go 1.15.4
6.8
CVSSv2
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and previous versions does not correctly preserve the semantics of directives during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affe...
Golang Go
Netapp Trident -
6.8
CVSSv2
CVE-2020-29511
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affected ...
Golang Go
Netapp Trident -
6.8
CVSSv2
CVE-2020-29509
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affecte...
Golang Go
Netapp Trident -
NA
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »