Vulnerabilities > Golang > GO > 1.15.10

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-31525 Uncontrolled Recursion vulnerability in multiple products
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse.
network
high complexity
golang fedoraproject CWE-674
5.9
5.9
2021-05-26 CVE-2021-33194 Infinite Loop vulnerability in multiple products
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
network
low complexity
golang fedoraproject CWE-835
7.5
7.5
2020-12-14 CVE-2020-29511 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6
5.6
2020-12-14 CVE-2020-29509 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6
5.6