Vulnerabilities > Golang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-29406 | Interpretation Conflict vulnerability in Golang GO The HTTP/1 client does not fully validate the contents of the Host header. | 6.5 |
| 2023-06-08 | CVE-2023-29402 | Code Injection vulnerability in multiple products The go command may generate unexpected code at build time when using cgo. | 9.8 |
| 2023-06-08 | CVE-2023-29403 | Exposure of Resource to Wrong Sphere vulnerability in multiple products On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. | 7.8 |
| 2023-06-08 | CVE-2023-29404 | Code Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |
| 2023-05-11 | CVE-2023-24540 | Unspecified vulnerability in Golang GO Not all valid JavaScript whitespace characters are considered to be whitespace. | 9.8 |
| 2023-05-11 | CVE-2023-29400 | Injection vulnerability in Golang GO Templates containing actions in unquoted HTML attributes (e.g. | 7.3 |
| 2023-04-06 | CVE-2023-24537 | Integer Overflow or Wraparound vulnerability in Golang GO Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | 7.5 |
| 2023-04-06 | CVE-2023-24538 | Code Injection vulnerability in Golang GO Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |