Search CVE reports

21 – 30 of 86 results

Detailed view

Sort by:

CVE-2023-45289

Medium priority

Some fixes available 2 of 24

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	—	—
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	—	—
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	—
golang-1.17	Not in release	Needs evaluation	Not in release	—	—
golang-1.18	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.19	Not in release	Not in release	Not in release	—	—
golang-1.20	Not in release	Needs evaluation	Needs evaluation	—	—
golang-1.21	Not affected	Fixed	Fixed	—	—
golang-1.22	Not affected	Not affected	Not affected	—	—
golang-1.6	Not in release	Not in release	Not in release	—	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	—
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	—

CVE-2023-45284

Medium priority

Needs evaluation

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3,...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Ignored	Ignored
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Not in release
golang-1.18	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2023-45283

Medium priority

Needs evaluation

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Ignored	Ignored
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Not in release
golang-1.18	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2023-39325

Medium priority

Some fixes available 13 of 27

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting,...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
golang-1.17	Not in release	Fixed	Not in release	Not in release	Not in release
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Ignored	Ignored
golang-1.20	Not in release	Fixed	Fixed	Ignored	Ignored
golang-1.21	Not affected	Fixed	Fixed	Ignored	Ignored
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2023-39322

Medium priority

Not affected

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Not affected	Not affected
golang-1.13	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.14	Not in release	Not in release	Not affected	Not in release	Not in release
golang-1.16	Not in release	Not in release	Not affected	Not affected	Not in release
golang-1.17	Not in release	Not affected	Not in release	Not in release	Not in release
golang-1.18	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Not affected
golang-1.8	Not in release	Not in release	Not in release	Not affected	Not in release
golang-1.9	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2023-39321

Medium priority

Not affected

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Not affected	Not affected
golang-1.13	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.14	Not in release	Not in release	Not affected	Not in release	Not in release
golang-1.16	Not in release	Not in release	Not affected	Not affected	Not in release
golang-1.17	Not in release	Not affected	Not in release	Not in release	Not in release
golang-1.18	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Not affected
golang-1.8	Not in release	Not in release	Not in release	Not affected	Not in release
golang-1.9	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2023-39320

Medium priority

Not affected

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Not affected	Not affected
golang-1.13	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.14	Not in release	Not in release	Not affected	Not in release	Not in release
golang-1.16	Not in release	Not in release	Not affected	Not affected	Not in release
golang-1.17	Not in release	Not affected	Not in release	Not in release	Not in release
golang-1.18	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Not affected
golang-1.8	Not in release	Not in release	Not in release	Not affected	Not in release
golang-1.9	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2023-39319

Medium priority

Some fixes available 8 of 22

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
golang-1.17	Not in release	Fixed	Not in release	Not in release	Not in release
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Fixed	Fixed	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2023-39318

Medium priority

Some fixes available 8 of 22

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts,...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
golang-1.17	Not in release	Fixed	Not in release	Not in release	Not in release
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Fixed	Fixed	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2023-29406

Medium priority

Some fixes available 5 of 25

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an...

12 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Ignored	Ignored
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Fixed	Not in release	Not in release	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.20	Not in release	Needs evaluation	Needs evaluation	Not in release	Ignored
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

Export to JSON

Results by page: