Vulnerabilities > Golang > GO > 1.17.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-30633 | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. | 7.5 |
| 2022-08-10 | CVE-2022-30635 | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | 7.5 |
| 2022-08-10 | CVE-2022-32148 | Unspecified vulnerability in Golang GO Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | 6.5 |
| 2022-08-10 | CVE-2022-32189 | Unspecified vulnerability in Golang GO A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | 7.5 |