Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-39318 Cross-site Scripting vulnerability in Golang GO
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts.
network
low complexity
golang CWE-79
6.1
2023-09-08 CVE-2023-39319 Cross-site Scripting vulnerability in Golang GO
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts.
network
low complexity
golang CWE-79
6.1
2023-09-08 CVE-2023-39320 Code Injection vulnerability in Golang GO 1.21.0
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module.
network
low complexity
golang CWE-94
critical
9.8
2023-09-08 CVE-2023-39321 Unspecified vulnerability in Golang GO 1.21.0
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
network
low complexity
golang
7.5
2023-09-08 CVE-2023-39322 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.
network
low complexity
golang CWE-770
7.5
2023-08-08 CVE-2023-39533 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
go-libp2p is the Go implementation of the libp2p Networking Stack.
network
low complexity
golang quic-project libp2p CWE-770
7.5
2023-08-02 CVE-2023-29407 Excessive Iteration vulnerability in Golang Image
A maliciously-crafted image can cause excessive CPU consumption in decoding.
network
low complexity
golang CWE-834
6.5
2023-08-02 CVE-2023-29408 Allocation of Resources Without Limits or Throttling vulnerability in Golang Image
The TIFF decoder does not place a limit on the size of compressed tile data.
network
low complexity
golang CWE-770
6.5
2023-08-02 CVE-2023-29409 Resource Exhaustion vulnerability in Golang GO
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures.
network
low complexity
golang CWE-400
5.3
2023-08-02 CVE-2023-3978 Cross-site Scripting vulnerability in Golang Networking
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.
network
low complexity
golang CWE-79
6.1