Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Go
(Golang)| Repositories | https://github.com/golang/go |
| #Vulnerabilities | 122 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-02 | CVE-2020-24553 | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | Fedora, Go, Leap, Communications_cloud_native_core_policy | 6.1 | ||
| 2020-11-18 | CVE-2020-28362 | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | Fedora, Go, Cloud_insights_telegraf_agent, Trident | 7.5 | ||
| 2020-11-18 | CVE-2020-28366 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | Fedora, Go, Cloud_insights_telegraf_agent, Trident | 7.5 | ||
| 2020-11-18 | CVE-2020-28367 | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | Go | 7.5 | ||
| 2020-12-14 | CVE-2020-29509 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | Go, Trident | 5.6 | ||
| 2020-12-14 | CVE-2020-29510 | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | Go, Trident | 5.6 | ||
| 2020-12-14 | CVE-2020-29511 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | Go, Trident | 5.6 | ||
| 2021-01-02 | CVE-2020-28851 | In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | Go | 7.5 | ||
| 2021-01-26 | CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | Debian_linux, Fedora, Go, Cloud_insights_telegraf_agent, Storagegrid | 6.5 | ||
| 2021-01-26 | CVE-2021-3115 | Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | Fedora, Go, Cloud_insights_telegraf_agent, Storagegrid | 7.5 |