Vulnerabilities > Golang
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-05 | CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. | 8.1 |
2023-09-08 | CVE-2023-39318 | Cross-site Scripting vulnerability in Golang GO. The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. | 6.1 |
2023-09-08 | CVE-2023-39319 | Cross-site Scripting vulnerability in Golang GO. The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. | 6.1 |
2023-09-08 | CVE-2023-39320 | Code Injection vulnerability in Golang GO 1.21.0/1.21.00. The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. | 9.8 |
2023-09-08 | CVE-2023-39321 | Unspecified vulnerability in Golang GO 1.21.0/1.21.00. Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | 7.5 |
2023-09-08 | CVE-2023-39322 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0/1.21.00. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. | 7.5 |
2023-08-02 | CVE-2023-29407 | Excessive Iteration vulnerability in multiple products. A maliciously-crafted image can cause excessive CPU consumption in decoding. | 6.5 |
2023-08-02 | CVE-2023-29408 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. The TIFF decoder does not place a limit on the size of compressed tile data. | 6.5 |
2023-08-02 | CVE-2023-29409 | Resource Exhaustion vulnerability in Golang GO. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. | 5.3 |
2023-08-02 | CVE-2023-3978 | Cross-site Scripting vulnerability in Golang Networking. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. | 6.1 |