1.14.14

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-27	CVE-2021-31525	Uncontrolled Recursion vulnerability in multiple products net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. network high complexity golang fedoraproject CWE-674	5.9
2021-05-26	CVE-2021-33194	Infinite Loop vulnerability in multiple products golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. network low complexity golang fedoraproject CWE-835	7.5
2021-03-11	CVE-2021-27918	Infinite Loop vulnerability in Golang GO encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. network low complexity golang CWE-835	7.5
2020-12-14	CVE-2020-29511	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6
2020-12-14	CVE-2020-29510	The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6
2020-12-14	CVE-2020-29509	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6