pkg:Bitnami/golang

All known vulnerabilities

• HIGH8.1CVE-2020-0601⚠ KEVCertificate validation bypass on Windows in crypto/x509
  >= 1.12.0, < 1.12.16, >= 1.13.0, < 1.13.7
• MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
  from 0, < 1.20.10, >= 1.21.0-0, < 1.21.3
• CRITICAL10.0Unexpected session resumption in crypto/tls
  from 0, < 1.24.13, >= 1.25.0-0, < 1.25.7
• CRITICAL9.8Missing bound checks can lead to memory corruption in safe Go in cmd/compile
  from 0, < 1.25.9, >= 1.26.0, < 1.26.2
• CRITICAL9.8Output of "go env" does not sanitize values in cmd/go
  from 0, < 1.21.0-0
• CRITICAL9.8Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
  from 0, < 1.21.11, >= 1.22.0-0, < 1.22.4
• CRITICAL9.8Arbitrary code execution via go.mod toolchain directive in cmd/go
  >= 1.21.0, < 1.21.1
• CRITICAL9.8Code injection via go command with cgo in cmd/go
  from 0, < 1.19.10, >= 1.20.0, < 1.20.5
• CRITICAL9.8Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
  from 0, < 1.19.10, >= 1.20.0, < 1.20.5
• CRITICAL9.8Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
  from 0, < 1.19.10, >= 1.20.0, < 1.20.5
• CRITICAL9.8Improper handling of JavaScript whitespace in html/template
  from 0, < 1.19.9, >= 1.20.0, < 1.20.4
• CRITICAL9.8Backticks not treated as string delimiters in html/template
  from 0, < 1.19.8, >= 1.20.0, < 1.20.3
• CRITICAL9.8Buffer overflow in WASM modules in misc/wasm and cmd/link
  from 0, < 1.16.9, >= 1.17.0, < 1.17.2
• CRITICAL9.8Authentication bypass in github.com/russellhaering/gosaml2
  from 0, < 1.17.0
• CRITICAL9.1Request smuggling due to acceptance of invalid chunked data in net/http
  from 0, < 1.23.8, >= 1.24.0-0, < 1.24.2
• CRITICAL9.1Incorrect computation for some invalid field elements in crypto/elliptic
  from 0, < 1.16.14, >= 1.17.0, < 1.17.7
• HIGH8.8Code execution vulnerability in SWIG code generation in cmd/go
  from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
• HIGH8.8GOAUTH credential leak in cmd/go
  >= 1.24.0-0, < 1.24.0-rc.2
• HIGH8.6Potential code smuggling via doc comments in cmd/cgo
  from 0, < 1.24.13, >= 1.25.0-0, < 1.25.7
• HIGH8.6Unexpected command execution in untrusted VCS repositories in cmd/go
  from 0, < 1.23.11, >= 1.24.0-0, < 1.24.5
• HIGH8.2Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
  >= 1.26.0-0, < 1.26.2
• HIGH8.1Arbitrary code execution during build via line directives in cmd/go
  from 0, < 1.20.9, >= 1.21.0, < 1.21.2
• HIGH7.8Arbitrary file write using cgo pkg-config directive in cmd/go
  from 0, < 1.24.12, >= 1.25.0, < 1.25.6
• HIGH7.8Unsafe behavior in setuid/setgid binaries in runtime
  from 0, < 1.19.10, >= 1.20.0, < 1.20.5
• HIGH7.8Empty Cmd.Path can trigger unintended binary in os/exec on Windows
  from 0, < 1.17.11, >= 1.18.0, < 1.18.3
• HIGH7.5Quadratic complexity in WordDecoder.DecodeHeader in mime
  from 0, < 1.25.11, >= 1.26.0-0, < 1.26.4
• HIGH7.5Quadratic string concatenation in consumePhrase in net/mail
  from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
• HIGH7.5Crash when handling long CNAME response in net
  from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
• HIGH7.5Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
  from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
• HIGH7.5Panic in Dial and LookupPort when handling NUL byte on Windows in net
  from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
• HIGH7.5Quadratic string concatentation in consumeComment in net/mail
  from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
• HIGH7.5Malicious module proxy can bypass checksum database in cmd/go
  from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
• HIGH7.5Inefficient policy validation in crypto/x509
  from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
• HIGH7.5Unexpected work during chain building in crypto/x509
  from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
• HIGH7.5Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
  from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
• HIGH7.5Incorrect enforcement of email constraints in crypto/x509
  >= 1.26.0-0, < 1.26.1
• HIGH7.5Incorrect parsing of IPv6 host literals in net/url
  from 0, < 1.25.8, >= 1.26.0-0, < 1.26.1
• HIGH7.5Memory exhaustion in query parameter parsing in net/url
  from 0, < 1.24.12, >= 1.25.0, < 1.25.6
• HIGH7.5Excessive resource consumption when printing error string for host certificate validation in crypto/x509
  from 0, < 1.24.11, >= 1.25.0, < 1.25.5
• HIGH7.5Panic when validating certificates with DSA public keys in crypto/x509
  from 0, < 1.24.8, >= 1.25.0, < 1.25.2
• HIGH7.5Quadratic complexity when parsing some invalid inputs in encoding/pem
  from 0, < 1.24.8, >= 1.25.0, < 1.25.2
• HIGH7.5Quadratic complexity when checking name constraints in crypto/x509
  from 0, < 1.24.9, >= 1.25.0, < 1.25.3
• HIGH7.5Excessive CPU consumption in ParseAddress in net/mail
  from 0, < 1.24.8, >= 1.25.0, < 1.25.2
• HIGH7.5Usage of ExtKeyUsageAny disables policy validation in crypto/x509
  >= 1.24.0-0, < 1.24.4
• HIGH7.5Arbitrary code execution during build on darwin in cmd/go
  >= 1.24.0-rc.2, < 1.24.0-rc.3
• HIGH7.5ParsePKCS1PrivateKey panic with partial keys in crypto/x509
  >= 1.24.0-0, < 1.24.0-rc.2
• HIGH7.5Stack exhaustion in Parse in go/build/constraint
  from 0, < 1.22.7, >= 1.23.0-0, < 1.23.1
• HIGH7.5Stack exhaustion in Decoder.Decode in encoding/gob
  from 0, < 1.22.7, >= 1.23.0-0, < 1.23.1
• HIGH7.5Denial of service due to improper 100-continue handling in net/http
  from 0, < 1.21.12, >= 1.22.0-0, < 1.22.5
• HIGH7.5Comments in display names are incorrectly handled in net/mail
  from 0, < 1.21.8, >= 1.22.0-0, < 1.22.1
• HIGH7.5Command 'go get' may unexpectedly fallback to insecure git in cmd/go
  from 0, < 1.20.12, >= 1.21.0-0, < 1.21.5
• HIGH7.5Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
  from 0, < 1.20.0
• HIGH7.5Insecure parsing of Windows paths with a \??\ prefix in path/filepath
  from 0, < 1.20.11, >= 1.21.0-0, < 1.21.4
• HIGH7.5HTTP/2 rapid reset can cause excessive work in net/http
  >= 1.20.0, < 1.20.10, >= 1.21.0, < 1.21.3
• HIGH7.5Panic when processing post-handshake message on QUIC connections in crypto/tls
  >= 1.21.0, < 1.21.1
• HIGH7.5Memory exhaustion in QUIC connection handling in crypto/tls
  >= 1.21.0, < 1.21.1
• HIGH7.5Infinite loop in parsing in go/scanner
  from 0, < 1.19.8, >= 1.20.0, < 1.20.3
• HIGH7.5Excessive resource consumption in net/http, net/textproto and mime/multipart
  from 0, < 1.19.8, >= 1.20.0, < 1.20.3
• HIGH7.5Excessive memory allocation in net/http and net/textproto
  from 0, < 1.19.8, >= 1.20.0, < 1.20.3
• HIGH7.5Excessive resource consumption in mime/multipart
  from 0, < 1.19.6, >= 1.20.0, < 1.20.1
• HIGH7.5Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
  from 0, < 1.19.6, >= 1.20.0, < 1.20.1
• HIGH7.5Panic on large handshake records in crypto/tls
  from 0, < 1.19.6, >= 1.20.0, < 1.20.1
• HIGH7.5Path traversal on Windows in path/filepath
  from 0, < 1.19.6, >= 1.20.0, < 1.20.1
• HIGH7.5Restricted file access on Windows in os and net/http
  from 0, < 1.18.9, >= 1.19.0, < 1.19.4
• HIGH7.5Unsanitized NUL in environment variables on Windows in syscall and os/exec
  from 0, < 1.18.8, >= 1.19.0, < 1.19.3
• HIGH7.5Incorrect sanitization of forwarded query parameters in net/http/httputil
  from 0, < 1.18.7, >= 1.19.0, < 1.19.2
• HIGH7.5Memory exhaustion when compiling regular expressions in regexp/syntax
  from 0, < 1.18.7, >= 1.19.0, < 1.19.2
• HIGH7.5Unbounded memory consumption when reading headers in archive/tar
  from 0, < 1.18.7, >= 1.19.0, < 1.19.2
• HIGH7.5Failure to strip relative path components in net/url
  >= 1.19.0-0, < 1.19.1
• HIGH7.5Denial of service in net/http and golang.org/x/net/http2
  from 0, < 1.18.6, >= 1.19.0, < 1.19.1
• HIGH7.5Panic when decoding Float and Rat types in math/big
  from 0, < 1.17.13, >= 1.18.0, < 1.18.5
• HIGH7.5Incorrect access control in the go command in cmd/go/internal/modfetch
  from 0, < 1.16.14, >= 1.17.0, < 1.17.7
• HIGH7.5Path traversal via Clean on Windows in path/filepath
  from 0, < 1.17.11, >= 1.18.0, < 1.18.3
• HIGH7.5Arbitrary code execution via the go command with cgo in cmd/go
  from 0, < 1.14.12, >= 1.15.0, < 1.15.5
• HIGH7.5Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
  from 0, < 1.14.12, >= 1.15.0, < 1.15.5
• HIGH7.5Stack exhaustion in Glob on certain paths in io/fs
  from 0, < 1.17.12, >= 1.18.0, < 1.18.4
• HIGH7.5Stack exhaustion when decoding certain messages in encoding/gob
  from 0, < 1.17.12, >= 1.18.0, < 1.18.4
• HIGH7.5Stack exhaustion when reading certain archives in compress/gzip
  from 0, < 1.17.12, >= 1.18.0, < 1.18.4
• HIGH7.5Stack exhaustion when unmarshaling certain documents in encoding/xml
  from 0, < 1.17.12, >= 1.18.0, < 1.18.4
• HIGH7.5Stack exhaustion on crafted paths in path/filepath
  from 0, < 1.17.12, >= 1.18.0, < 1.18.4
• HIGH7.5Stack exhaustion from deeply nested XML documents in encoding/xml
  from 0, < 1.17.12, >= 1.18.0, < 1.18.4
• HIGH7.5Indefinite hang with large buffers on Windows in crypto/rand
  from 0, < 1.17.11, >= 1.18.0, < 1.18.3
• HIGH7.5Infinite loop when parsing inputs in golang.org/x/net/html
  from 0, < 1.15.12, >= 1.16.0, < 1.16.4
• HIGH7.5Stack exhaustion when compiling deeply nested expressions in regexp
  from 0, < 1.16.15, >= 1.17.0, < 1.17.8
• HIGH7.5golang-1.8 - security update
  from 0, < 1.16.14, >= 1.17.0, < 1.17.7
• HIGH7.5Panic during certificate parsing on Darwin in crypto/x509
  >= 1.18.0, < 1.18.1
• HIGH7.5Panic due to large inputs affecting P-256 curves in crypto/elliptic
  from 0, < 1.17.9, >= 1.18.0, < 1.18.1
• HIGH7.5Stack overflow from a large amount of PEM data in encoding/pem
  from 0, < 1.17.9, >= 1.18.0, < 1.18.1
• HIGH7.5Panic due to crafted inputs in archive/zip
  from 0, < 1.16.8, >= 1.17.0, < 1.17.1
• HIGH7.5Infinite loop when decoding inputs in encoding/xml
  from 0, < 1.15.9, >= 1.16.0, < 1.16.1
• HIGH7.5golang-1.7 - security update
  from 0, < 1.15.13, >= 1.16.0, < 1.16.5
• HIGH7.5Panic on inputs with large exponents in math/big
  from 0, < 1.15.13, >= 1.16.0, < 1.16.5
• HIGH7.5Panic when opening certain archives in archive/zip
  from 0, < 1.16.10, >= 1.17.0, < 1.17.3
• HIGH7.5Panic on invalid symbol tables in debug/macho
  from 0, < 1.16.10, >= 1.17.0, < 1.17.3
• HIGH7.5Unbounded memory growth in net/http and golang.org/x/net/http2
  from 0, < 1.16.12, >= 1.17.0, < 1.17.5
• HIGH7.5Unbounded read from invalid inputs in encoding/binary
  from 0, < 1.13.15, >= 1.14.0, < 1.14.7
• HIGH7.5Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) al…
  from 0, < 1.17.0
• HIGH7.5Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte
  >= 1.12.0, < 1.12.6, >= 1.13.0, < 1.13.7
• HIGH7.5Panic during division of very large numbers in math/big
  from 0, < 1.14.12, >= 1.15.0, < 1.15.5
• HIGH7.5Arbitrary code injection via the go command with cgo on Windows in cmd/go
  from 0, < 1.14.14, >= 1.15.0, < 1.15.7