Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Golang Go
7.8
CVSSv3
CVE-2019-9634
Go up to and including 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
Golang Go
6.5
CVSSv3
CVE-2022-32148
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the ...
Golang Go
7.5
CVSSv3
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Golang Text
7.5
CVSSv3
CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go prior to 1.17.13 and 1.18.5, potentially allowing a denial of service.
Golang Go
6.1
CVSSv3
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Golang Networking
1 Github repository
3.1
CVSSv3
CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Golang Go
8.1
CVSSv3
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
7.5
CVSSv3
CVE-2022-27536
Certificate.Verify in crypto/x509 in Go 1.18.x prior to 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
Golang Go
9.8
CVSSv3
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during exe...
Golang Go
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »