go1.21 (SUSE:Linux Enterprise Module for Development Tools 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP4 package go1.21, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2023-39320 — CVSS 9.8 (critical): The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module…
CVE-2023-39323 — CVSS 8.1 (high): Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to…
CVE-2023-39322 — CVSS 7.5 (high): QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC…
CVE-2023-45285 — CVSS 7.5 (high): Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is…
CVE-2023-39325 — CVSS 7.5 (high): A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While…
CVE-2023-45283 — CVSS 7.5 (high): The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device…
CVE-2023-39319 — CVSS 6.1 (medium): The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals…
CVE-2023-39318 — CVSS 6.1 (medium): The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts…
CVE-2023-45284 — CVSS 5.3 (medium): On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as…
CVE-2023-39326 — CVSS 5.3 (medium): A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from…