1.21.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-05	CVE-2024-24789	Unspecified vulnerability in Golang GO The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. local low complexity golang	5.5
2024-06-05	CVE-2024-24790	Unspecified vulnerability in Golang GO The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. network low complexity golang critical	9.8
2023-10-11	CVE-2023-39325	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. network low complexity golang fedoraproject netapp CWE-770	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-05	CVE-2023-39323	Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. network high complexity golang fedoraproject	8.1
2023-09-08	CVE-2023-39318	Cross-site Scripting vulnerability in Golang GO The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. network low complexity golang CWE-79	6.1
2023-09-08	CVE-2023-39319	Cross-site Scripting vulnerability in Golang GO The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. network low complexity golang CWE-79	6.1
2023-09-08	CVE-2023-39320	Code Injection vulnerability in Golang GO 1.21.0/1.21.00 The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. network low complexity golang CWE-94 critical	9.8
2023-09-08	CVE-2023-39321	Unspecified vulnerability in Golang GO 1.21.0/1.21.00 Processing an incomplete post-handshake message for a QUIC connection can cause a panic. network low complexity golang	7.5
2023-09-08	CVE-2023-39322	Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0/1.21.00 QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. network low complexity golang CWE-770	7.5