Vulnerabilities > Golang > GO > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2021-3115 Uncontrolled Search Path Element vulnerability in multiple products
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
network
high complexity
golang fedoraproject netapp CWE-427
7.5
2020-11-18 CVE-2020-28367 Code Injection vulnerability in Golang GO
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
network
high complexity
golang CWE-94
7.5
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network
high complexity
golang fedoraproject netapp CWE-94
7.5
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang fedoraproject netapp CWE-295
7.5
2020-08-06 CVE-2020-16845 Infinite Loop vulnerability in multiple products
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
network
low complexity
golang opensuse debian fedoraproject CWE-835
7.5
2020-03-16 CVE-2020-7919 Improper Certificate Validation vulnerability in multiple products
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
network
low complexity
golang debian fedoraproject netapp CWE-295
7.5
2020-02-08 CVE-2015-5741 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
network
low complexity
golang redhat CWE-444
7.5
2019-10-24 CVE-2019-17596 Interpretation Conflict vulnerability in multiple products
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key.
7.5
2019-09-30 CVE-2019-16276 HTTP Request Smuggling vulnerability in multiple products
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
7.5
2019-05-13 CVE-2019-11888 Improper Privilege Management vulnerability in Golang GO
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
network
low complexity
golang microsoft CWE-269
7.5