Vulnerabilities > Golang > GO > 1.17.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-14 | CVE-2022-41715 | Unspecified vulnerability in Golang GO Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. | 7.5 |
| 2022-10-14 | CVE-2022-2879 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO Reader.Read does not set a limit on the maximum size of file headers. | 7.5 |
| 2022-10-14 | CVE-2022-2880 | HTTP Request Smuggling vulnerability in Golang GO Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. | 7.5 |
| 2022-09-06 | CVE-2022-27664 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | 7.5 |
| 2022-08-10 | CVE-2022-1705 | HTTP Request Smuggling vulnerability in Golang GO Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | 6.5 |
| 2022-08-10 | CVE-2022-1962 | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | 5.5 |
| 2022-08-10 | CVE-2022-28131 | Uncontrolled Recursion vulnerability in multiple products Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | 7.5 |
| 2022-08-10 | CVE-2022-30630 | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 7.5 |
| 2022-08-10 | CVE-2022-30631 | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | 7.5 |
| 2022-08-10 | CVE-2022-30632 | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 7.5 |