Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-33197
In Go prior to 1.15.13 and 1.16.x prior to 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
Golang Go
7.5
CVSSv3
CVE-2021-33198
In Go prior to 1.15.13 and 1.16.x prior to 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
Golang Go
5.5
CVSSv3
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an malicious user to cause a panic due to stack exhaustion via deeply nested types or declarations.
Golang Go
7.5
CVSSv3
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Go 1.15.4
7.5
CVSSv3
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are remo...
Golang Go 1.19.0
2 Github repositories
9.8
CVSSv3
CVE-2012-2666
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
Golang Go 1.0.2
5.6
CVSSv3
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and previous versions does not correctly preserve the semantics of directives during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affe...
Golang Go
Netapp Trident -
5.6
CVSSv3
CVE-2020-29511
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affected ...
Golang Go
Netapp Trident -
5.6
CVSSv3
CVE-2020-29509
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an malicious user to craft inputs that behave in conflicting ways during different stages of processing in affecte...
Golang Go
Netapp Trident -
5.3
CVSSv3
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »