Search CVE reports
31 – 40 of 45 results
CVE-2023-29404
Low prioritySome fixes available 1 of 25
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29403
Medium prioritySome fixes available 1 of 25
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29402
Low prioritySome fixes available 1 of 25
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29400
Medium priorityTemplates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary...
2 affected packages
golang-1.19, golang-1.20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.19 | — | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | — | Not affected | Not affected | Not in release | Ignored |
CVE-2023-24540
Medium priorityNot all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...
2 affected packages
golang-1.19, golang-1.20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.19 | — | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | — | Not affected | Not affected | Not in release | Ignored |
CVE-2023-24539
Medium priorityAngle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for...
2 affected packages
golang-1.19, golang-1.20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.19 | — | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | — | Not affected | Not affected | Not in release | Ignored |
CVE-2023-24538
Medium prioritySome fixes available 12 of 20
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
CVE-2023-24537
Medium prioritySome fixes available 11 of 14
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.10 | Not in release | Not in release | Not in release | Not affected | Not affected |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
golang-1.8 | Not in release | Not in release | Not in release | Not affected | Ignored |
golang-1.9 | Not in release | Not in release | Not in release | Not affected | Ignored |
CVE-2023-24536
Medium priorityMultipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable | Ignored |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
CVE-2023-24534
Medium prioritySome fixes available 11 of 20
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Ignored |