Search CVE reports
51 – 60 of 69 results
Some fixes available 8 of 22
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts,...
13 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Fixed | Fixed | Not in release |
| golang-1.21 | Not affected | Not affected | Not affected | Not in release |
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a...
2 affected packages
golang-1.19, golang-1.20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.19 | Not in release | Not in release | Not in release | Ignored |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Ignored |
Some fixes available 5 of 25
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an...
12 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Ignored |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release |
Some fixes available 5 of 25
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker...
12 affected packages
golang-1.20, golang-1.13, golang, golang-1.10, golang-1.14...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang | Not in release | Not in release | Not in release | Ignored |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 5 of 25
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker...
12 affected packages
golang-1.20, golang-1.19, golang, golang-1.10, golang-1.13...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang | Not in release | Not in release | Not in release | Ignored |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 5 of 25
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file...
12 affected packages
golang-1.20, golang-1.19, golang, golang-1.10, golang-1.13...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang | Not in release | Not in release | Not in release | Ignored |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 5 of 25
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories...
12 affected packages
golang-1.13, golang-1.19, golang-1.18, golang, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang | Not in release | Not in release | Not in release | Ignored |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary...
2 affected packages
golang-1.19, golang-1.20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.19 | — | Not in release | Not in release | Not in release |
| golang-1.20 | — | Not affected | Not affected | Not in release |
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...
2 affected packages
golang-1.19, golang-1.20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.19 | — | Not in release | Not in release | Not in release |
| golang-1.20 | — | Not affected | Not affected | Not in release |
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for...
2 affected packages
golang-1.19, golang-1.20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.19 | — | Not in release | Not in release | Not in release |
| golang-1.20 | — | Not affected | Not affected | Not in release |