Vulnerabilities > Golang > GO > 1.14.14

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-39326 Unspecified vulnerability in Golang GO
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body.
network
low complexity
golang
5.3
2023-12-06 CVE-2023-45285 Unspecified vulnerability in Golang GO
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module.
network
low complexity
golang
7.5
2023-12-05 CVE-2023-45287 Information Exposure Through Discrepancy vulnerability in Golang GO
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time.
network
low complexity
golang CWE-203
7.5
2023-11-09 CVE-2023-45283 Path Traversal vulnerability in Golang GO
The filepath package does not recognize paths with a \??\ prefix as special.
network
low complexity
golang CWE-22
7.5
2023-11-09 CVE-2023-45284 Unspecified vulnerability in Golang GO
On Windows, The IsLocal function does not correctly detect reserved device names in some cases.
network
low complexity
golang
5.3
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-10-05 CVE-2023-39323 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation.
network
high complexity
golang fedoraproject
8.1
2023-09-08 CVE-2023-39318 Cross-site Scripting vulnerability in Golang GO
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts.
network
low complexity
golang CWE-79
6.1
2023-09-08 CVE-2023-39319 Cross-site Scripting vulnerability in Golang GO
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts.
network
low complexity
golang CWE-79
6.1
2023-08-02 CVE-2023-29409 Resource Exhaustion vulnerability in Golang GO
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures.
network
low complexity
golang CWE-400
5.3