Vulnerabilities > Golang > GO > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-06 | CVE-2023-45285 | Unspecified vulnerability in Golang GO Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. | 7.5 |
2023-12-05 | CVE-2023-45287 | Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. | 7.5 |
2023-11-09 | CVE-2023-45283 | Path Traversal vulnerability in Golang GO The filepath package does not recognize paths with a \??\ prefix as special. | 7.5 |
2023-10-11 | CVE-2023-39325 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. | 7.5 |
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-10-05 | CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. | 8.1 |
2023-09-08 | CVE-2023-39321 | Unspecified vulnerability in Golang GO 1.21.0/1.21.00 Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | 7.5 |
2023-09-08 | CVE-2023-39322 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0/1.21.00 QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. | 7.5 |
2023-06-08 | CVE-2023-29403 | Exposure of Resource to Wrong Sphere vulnerability in multiple products On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. | 7.8 |
2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |