go1.21 (SUSE:Package Hub 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 package go1.21, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2023-39320 — CVSS 9.8 (critical): The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module…
CVE-2023-39323 — CVSS 8.1 (high): Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to…
CVE-2023-39322 — CVSS 7.5 (high): QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC…
CVE-2023-39325 — CVSS 7.5 (high): A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While…
CVE-2023-39318 — CVSS 6.1 (medium): The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts…
CVE-2023-39319 — CVSS 6.1 (medium): The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals…