Vulnerabilities > Golang > GO > 1.14.1

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-10-14 | CVE-2022-41715 | Unspecified vulnerability in Golang GO | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. | network | low | golang | | 7.5 |
| 2022-10-14 | CVE-2022-2879 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO | Reader.Read does not set a limit on the maximum size of file headers. | network | low | golang | CWE-770 | 7.5 |
| 2022-10-14 | CVE-2022-2880 | HTTP Request Smuggling vulnerability in Golang GO | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. | network | low | golang | CWE-444 | 7.5 |
| 2022-09-06 | CVE-2022-27664 | | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | network | low | golang, fedoraproject | | 7.5 |
| 2022-08-10 | CVE-2022-1705 | HTTP Request Smuggling vulnerability in Golang GO | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | network | low | golang | CWE-444 | 6.5 |
| 2022-08-10 | CVE-2022-1962 | Uncontrolled Recursion vulnerability in Golang GO | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | local | low | golang | CWE-674 | 5.5 |
| 2022-08-10 | CVE-2022-28131 | Uncontrolled Recursion vulnerability in multiple products | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | network | low | golang, fedoraproject, netapp | CWE-674 | 7.5 |
| 2022-08-10 | CVE-2022-29804 | Path Traversal vulnerability in Golang GO | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | network | low | golang | CWE-22 | 7.5 |
| 2022-08-10 | CVE-2022-30580 | Code Injection vulnerability in Golang GO | Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | local | low | golang | CWE-94 | 7.8 |
| 2022-08-10 | CVE-2022-30629 | Use of Insufficiently Random Values vulnerability in Golang GO | Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | network | high | golang | CWE-330 | 3.1 |