|Max CVSS||7.8||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
|10-08-2022 - 20:15||18-11-2020 - 17:15|
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
|30-11-2021 - 19:42||24-10-2019 - 22:15|
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|14-06-2021 - 18:15||06-08-2020 - 18:15|
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
|22-03-2021 - 13:05||13-03-2019 - 08:29|
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p
|09-12-2020 - 00:15||13-08-2019 - 21:15|
||24-09-2020 - 12:15||06-08-2020 - 18:15|
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is relate
|24-08-2020 - 17:37||13-08-2019 - 21:15|