Max CVSS 7.8 Min CVSS 6.8 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-16873 6.8
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically,
25-03-2021 - 16:43 14-12-2018 - 14:29
CVE-2018-16874 6.8
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only v
22-03-2021 - 18:51 14-12-2018 - 14:29
CVE-2018-16875 7.8
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers
03-06-2019 - 18:29 14-12-2018 - 14:29
Back to Top Mark selected
Back to Top