Vulnerabilities > Golang > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-02 | CVE-2021-33197 | Missing Authorization vulnerability in Golang GO In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | 4.3 |
2021-08-02 | CVE-2021-33198 | Unspecified vulnerability in Golang GO In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | 5.0 |
2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
2021-05-27 | CVE-2021-31525 | Uncontrolled Recursion vulnerability in multiple products net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. | 5.9 |
2021-03-11 | CVE-2021-27919 | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | 5.5 |
2021-01-26 | CVE-2021-3114 | Incorrect Calculation vulnerability in multiple products In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | 6.5 |
2021-01-02 | CVE-2020-28852 | Improper Validation of Array Index vulnerability in Golang Text In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. | 5.0 |
2021-01-02 | CVE-2020-28851 | Improper Validation of Array Index vulnerability in Golang GO 1.15.4 In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. | 5.0 |
2020-12-14 | CVE-2020-29511 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | 5.6 |
2020-12-14 | CVE-2020-29510 | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | 6.8 |