go (SUSE:Package Hub 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 package go, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2023-39320 — CVSS 9.8 (critical): The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module…
CVE-2016-5386 — CVSS 8.1 (high): The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not…
CVE-2023-39323 — CVSS 8.1 (high): Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to…
CVE-2018-6574 — CVSS 7.8 (high): Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source…
CVE-2023-39322 — CVSS 7.5 (high): QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC…
CVE-2023-39325 — CVSS 7.5 (high): A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While…
CVE-2023-39319 — CVSS 6.1 (medium): The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals…
CVE-2023-39318 — CVSS 6.1 (medium): The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts…
CVE-2017-8932 — CVSS 5.9 (medium): A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2…