Vulnerabilities > Golang > GO > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-45285 Unspecified vulnerability in Golang GO
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module.
network
low complexity
golang
7.5
2023-12-05 CVE-2023-45287 Information Exposure Through Discrepancy vulnerability in Golang GO
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time.
network
low complexity
golang CWE-203
7.5
2023-11-09 CVE-2023-45283 Path Traversal vulnerability in Golang GO
The filepath package does not recognize paths with a \??\ prefix as special.
network
low complexity
golang CWE-22
7.5
2023-10-11 CVE-2023-39325 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.
network
low complexity
golang fedoraproject netapp CWE-770
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-05 CVE-2023-39323 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation.
network
high complexity
golang fedoraproject
8.1
2023-09-08 CVE-2023-39321 Unspecified vulnerability in Golang GO 1.21.0/1.21.00
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
network
low complexity
golang
7.5
2023-09-08 CVE-2023-39322 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0/1.21.00
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.
network
low complexity
golang CWE-770
7.5
2023-06-08 CVE-2023-29403 Exposure of Resource to Wrong Sphere vulnerability in multiple products
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits.
local
low complexity
golang fedoraproject CWE-668
7.8
2023-05-11 CVE-2023-24539 Injection vulnerability in Golang GO
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.
network
low complexity
golang CWE-74
7.3