Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Go
(Golang)Repositories | https://github.com/golang/go |
#Vulnerabilities | 121 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-17 | CVE-2020-15586 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | Cf\-Deployment, Routing\-Release, Debian_linux, Fedora, Go, Leap | 5.9 | ||
2020-08-06 | CVE-2020-16845 | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | Debian_linux, Fedora, Go, Leap | 7.5 | ||
2020-09-02 | CVE-2020-24553 | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | Fedora, Go, Leap, Communications_cloud_native_core_policy | 6.1 | ||
2020-11-18 | CVE-2020-28362 | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | Fedora, Go, Cloud_insights_telegraf_agent, Trident | 7.5 | ||
2020-11-18 | CVE-2020-28366 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | Fedora, Go, Cloud_insights_telegraf_agent, Trident | 7.5 | ||
2020-11-18 | CVE-2020-28367 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | Go | 7.5 | ||
2021-01-26 | CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | Debian_linux, Fedora, Go, Cloud_insights_telegraf_agent, Storagegrid | 6.5 | ||
2021-01-26 | CVE-2021-3115 | Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | Fedora, Go, Cloud_insights_telegraf_agent, Storagegrid | 7.5 | ||
2021-03-11 | CVE-2021-27919 | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | Fedora, Go | 5.5 | ||
2021-05-26 | CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | Fedora, Go | 7.5 |