Shodan
Vulnerabilities
Vulnerable Software
Golang:  >> Go  >> 1.1  Security Vulnerabilities
CVE-2020-29511
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-14
CVE-2020-28367
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-18
CVE-2020-28362
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-18
CVE-2020-28366
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-18
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-09-02
CVE-2020-16845
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-08-06
CVE-2020-14039
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-07-17
CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVSS Score
5.9
EPSS Score
0.006
Published
2020-07-17
CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
CVSS Score
9.8
EPSS Score
0.018
Published
2020-02-08
CVE-2019-16276
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
CVSS Score
7.5
EPSS Score
0.152
Published
2019-09-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved