Product:

Go

(Golang)
Repositories https://github.com/golang/go
#Vulnerabilities 121
Date Id Summary Products Score Patch Annotated
2020-07-17 CVE-2020-15586 Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. Cf\-Deployment, Routing\-Release, Debian_linux, Fedora, Go, Leap 5.9
2020-08-06 CVE-2020-16845 Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. Debian_linux, Fedora, Go, Leap 7.5
2020-09-02 CVE-2020-24553 Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. Fedora, Go, Leap, Communications_cloud_native_core_policy 6.1
2020-11-18 CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Fedora, Go, Cloud_insights_telegraf_agent, Trident 7.5
2020-11-18 CVE-2020-28366 Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Fedora, Go, Cloud_insights_telegraf_agent, Trident 7.5
2020-11-18 CVE-2020-28367 Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. Go 7.5
2021-01-26 CVE-2021-3114 In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. Debian_linux, Fedora, Go, Cloud_insights_telegraf_agent, Storagegrid 6.5
2021-01-26 CVE-2021-3115 Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). Fedora, Go, Cloud_insights_telegraf_agent, Storagegrid 7.5
2021-03-11 CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. Fedora, Go 5.5
2021-05-26 CVE-2021-33194 golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Fedora, Go 7.5