Search CVE reports
21 – 30 of 72 results
CVE-2023-39321
Medium priorityProcessing an incomplete post-handshake message for a QUIC connection can cause a panic.
13 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Not affected | Not affected |
golang-1.13 | Not in release | Not affected | Not affected | Not affected | Not affected |
golang-1.14 | Not in release | Not in release | Not affected | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Not affected | Not affected | Not in release |
golang-1.17 | Not in release | Not affected | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Not affected | Not affected | Not affected | Not affected |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Not in release |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
golang-1.8 | Not in release | Not in release | Not in release | Not affected | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2023-39320
Medium priorityThe go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded...
13 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Not affected | Not affected |
golang-1.13 | Not in release | Not affected | Not affected | Not affected | Not affected |
golang-1.14 | Not in release | Not in release | Not affected | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Not affected | Not affected | Not in release |
golang-1.17 | Not in release | Not affected | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Not affected | Not affected | Not affected | Not affected |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Not in release |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
golang-1.8 | Not in release | Not in release | Not in release | Not affected | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2023-39319
Medium prioritySome fixes available 8 of 22
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script...
13 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Not in release |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.20 | Not in release | Fixed | Fixed | Not in release | Not in release |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-39318
Medium prioritySome fixes available 8 of 22
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts,...
13 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Not in release |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.20 | Not in release | Fixed | Fixed | Not in release | Not in release |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29406
Medium prioritySome fixes available 5 of 25
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29405
Low prioritySome fixes available 5 of 25
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29404
Low prioritySome fixes available 5 of 25
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29403
Medium prioritySome fixes available 5 of 25
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-29402
Low prioritySome fixes available 5 of 25
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories...
12 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Ignored | Ignored |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2023-24538
Medium prioritySome fixes available 12 of 20
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Ignored |