Vulnerabilities > Golang > GO > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-29400 Injection vulnerability in Golang GO
Templates containing actions in unquoted HTML attributes (e.g.
network
low complexity
golang CWE-74
7.3
2023-04-06 CVE-2023-24537 Integer Overflow or Wraparound vulnerability in Golang GO
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
network
low complexity
golang CWE-190
7.5
2023-04-06 CVE-2023-24534 Resource Exhaustion vulnerability in Golang GO
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service.
network
low complexity
golang CWE-400
7.5
2023-04-06 CVE-2023-24536 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts.
network
low complexity
golang CWE-770
7.5
2023-02-28 CVE-2022-41722 Path Traversal vulnerability in Golang GO
A path traversal vulnerability exists in filepath.Clean on Windows.
network
low complexity
golang CWE-22
7.5
2023-02-28 CVE-2022-41723 Unspecified vulnerability in Golang GO
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
network
low complexity
golang
7.5
2023-02-28 CVE-2022-41724 Resource Exhaustion vulnerability in Golang GO
Large handshake records may cause panics in crypto/tls.
network
low complexity
golang CWE-400
7.5
2023-02-28 CVE-2022-41725 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO
A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
network
low complexity
golang CWE-770
7.5
2022-12-07 CVE-2022-41720 Path Traversal vulnerability in Golang GO
On Windows, restricted files can be accessed via os.DirFS and http.Dir.
network
low complexity
golang CWE-22
7.5
2022-11-02 CVE-2022-41716 Unspecified vulnerability in Golang GO
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows.
network
low complexity
golang
7.5