Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-9634
Go up to and including 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
Golang Go
6.5
CVSSv3
CVE-2022-32148
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the ...
Golang Go
7.5
CVSSv3
CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go prior to 1.17.13 and 1.18.5, potentially allowing a denial of service.
Golang Go
7.5
CVSSv3
CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp...
Golang Go
7.5
CVSSv3
CVE-2021-27918
encoding/xml in Go prior to 1.15.9 and 1.16.x prior to 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
Golang Go
9.8
CVSSv3
CVE-2012-2666
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
Golang Go 1.0.2
7.5
CVSSv3
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Go 1.15.4
7.5
CVSSv3
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are remo...
Golang Go 1.19.0
2 Github repositories
5.6
CVSSv3
CVE-2020-29509
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affecte...
Golang Go
Netapp Trident -
5.6
CVSSv3
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and previous versions does not correctly preserve the semantics of directives during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affe...
Golang Go
Netapp Trident -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »