This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Golang First view 2019-09-30
Product Go Last view 2020-09-02
Version 1.13 Type Application
Update beta1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:golang:go

Activity : Overall

Related : CVE

  Date Alert Description
6.1 2020-09-02 CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

7.5 2020-08-06 CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

5.9 2020-07-17 CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

5.3 2020-07-17 CVE-2020-14039

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.

7.5 2020-03-16 CVE-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

7.5 2019-10-24 CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

7.5 2019-09-30 CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-295 Certificate Issues
16% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
16% (1) CWE-436 Interpretation Conflict
16% (1) CWE-362 Race Condition
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')