Vulnerabilities > Golang > GO > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-24789 | Unspecified vulnerability in Golang GO The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. | 5.5 |
| 2023-12-06 | CVE-2023-39326 | Unspecified vulnerability in Golang GO A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. | 5.3 |
| 2023-11-09 | CVE-2023-45284 | Unspecified vulnerability in Golang GO On Windows, The IsLocal function does not correctly detect reserved device names in some cases. | 5.3 |
| 2023-09-08 | CVE-2023-39318 | Cross-site Scripting vulnerability in Golang GO The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. | 6.1 |
| 2023-09-08 | CVE-2023-39319 | Cross-site Scripting vulnerability in Golang GO The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. | 6.1 |
| 2023-08-02 | CVE-2023-29409 | Resource Exhaustion vulnerability in Golang GO Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. | 5.3 |
| 2023-07-11 | CVE-2023-29406 | Interpretation Conflict vulnerability in Golang GO The HTTP/1 client does not fully validate the contents of the Host header. | 6.5 |
| 2023-03-08 | CVE-2023-24532 | Incorrect Calculation vulnerability in Golang GO The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). | 5.3 |
| 2022-12-08 | CVE-2022-41717 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. | 5.3 |
| 2022-08-10 | CVE-2022-1705 | HTTP Request Smuggling vulnerability in Golang GO Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | 6.5 |