Vulnerability Reports


If an attacker has access to a Prometheus web.yml file and users' bcrypted passwords, it would be possible to bypass security via the built-in authentication cache.


Authentication bypass is possible when processing SAML responses containing multiple Assertion elements.


Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd (before 0.15.2-beta) to sync.


Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".


An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header (X-Skipper-Proxy) to the http request.


A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an index-out-of-range panic in `aper.GetBitString`.


Flux controllers are vulnerable to a denial of service attack. Users that have permissions to change Flux's objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. The issue has two root causes: a) the Kubernetes type `metav1.Duration` is not fully compatible with the Go type `time.Duration` as explained in, and b) a lack of validation within Flux to restrict allowed values.


An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.


Potential creation of an invalid signature from correct inputs. Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs. This could theoretically permit the creation of an invalid signature from correct inputs.


Mishandling of timestamps during consensus process can cause a denial of service. While reaching consensus, different tendermint nodes can observe a different timestamp for a consensus evidence. This mismatch can cause the evidence to be invalid, upon which the node producing the evidence will be asked to generate a new evidence. This new evidence will be the same, which means it will again be rejected by other nodes involved in the consensus. This loop will continue until the peer nodes decide to disconnect from the node producing the evidence.


The Singularity Image Format (SIF) reference implementation does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.


Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller.


Helm does not sanitize all fields read from repository data files. A maliciously crafted data file may contain strings containing arbitrary data. If printed to a terminal, a malicious string could obscure or alter data on the screen.


Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.


Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.


Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.


Labstack Echo contains an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).


Improper path sanitization on Windows permits path traversal attacks. Static file serving with the Static or StaticFS functions allows an attacker to access files from outside the filesystem root. This vulnerability does not affect non-Windows systems.


DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.


SGID programs executed in a container can access files that have negative group permissions for the user's primary group. Consider a file which is owned by user u1 and group g1, permits user and other read access, and does NOT permit group read access. This file is readable by u1 and all other users except for ones in group g1. A program with the set-group-ID (SGID) bit set assumes the primary group of the program's group when it executes. A user with the primary group g1 who executes an SGID program owned by group g2 should not be able to access the file described above. While the program executes with the primary group g2, the group g1 should remain in its supplementary groups, blocking access to the file. Buildah does not correctly add g1 to the supplementary groups in this scenario, permitting unauthorized access.


An attacker with the ability to insert public keys into a TUF repository can cause clients to accept a staged change that has not been signed by the correct threshold of signatures.


ParseVector can panic when provided with invalid input.


JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("", "../go") returns the URL "", despite the JoinPath documentation stating that ../ path elements are removed from the result.


The text of errors returned by Template.Execute can contain Vault secrets, potentially revealing these secrets in logs or error reports.


DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.


Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe and rejected by the compiler if encountered in the policy compilation stage. A bypass of this protection is possible when using the `with` keyword to mock a built-in function that isn't taken into account by `WithUnsafeBuiltins`.


Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.


HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.


Unauthenticated clients can cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.


Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.


A memory allocation vulnerability can be exploited to allocate arbitrarily large slices, which can exhaust available memory or crash the program. When parsing data from untrusted sources of input (e.g. the blockchain), the length of the slice to allocate is read directly from the data itself without any checks, which could lead to an allocation of excessive memory.


Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has command line flags like --set, --set-string, and others that enable the user to pass in strings that are merged into the values. The strvals package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. The Helm Client will panic with input to --set, --set-string, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client.


A maliciously crafted JSON input can cause a denial of service attack.


Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.


Power level parsing does not parse the "events_default" key of the event, setting the event default power level to zero in all cases. This can cause events to be improperly accepted or rejected in rooms where the event_default power level has been changed.


The go-jose library suffers from multiple signatures exploitation. When validating a signed message, the API did not indicate which signature was valid, which creates the potential for confusion.


graphql-go (aka GraphQL for Go) has infinite recursion in the type definition parser.


An XSS injection was possible because the sanitization of the Cyrillic character i bypass a protection mechanism against user-inputted HTML elements such as the <script> tag.


An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the incoming Proxy header, which changes where Go by default proxies all outbound HTTP requests. This environment variable is also used to set the outgoing proxy, enabling an attacker to insert a proxy into outgoing requests of a CGI program. Read more about "httpoxy" here:


Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher.


Sensitive HTTP headers may not be properly sanitized before being sent to the APM server if the program panics.


Crafted object type names can cause directory traversal in Kubernetes. Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, hence causing directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0.


The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until reencrypted with the new client.


A local attacker can cause a panic if they are able to send arbitrary traffic to a monitored port, due to an out of bounds read.


Modifying pod status allows host directory traversal. Kubernetes Secrets Store CSI Driver allows an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.


Exposing annotations as metrics can leak secrets. An experimental feature of kube-state-metrics enables annotations to be exposed as metrics. By default, metrics only expose metadata about secrets. However, a combination of the default kubectl behavior and this new feature can cause the entire secret content to end up in metric labels.


CORS filters that use an AllowedDomains configuration parameter can match domains outside the specified set, permitting an attacker to avoid the CORS policy. The AllowedDomains configuration parameter is documented as a list of allowed origin domains, but values in this list are applied as regular expression matches. For example, an allowed domain of "" will match the Origin header "".


An issue in the Unmarshal function can cause a program to panic when attempting to deserialize invalid input.


The bluemonday HTML sanitizer can leak the contents of a "style" element into HTML output, potentially causing XSS vulnerabilities. The default bluemonday sanitization policies are not vulnerable. Only user-defined policies allowing "select", "style", and "option" elements are affected. Permitting the "style" element in policies is hazardous, because bluemonday does not contain a CSS sanitizer. Newer versions of bluemonday suppress "style" and "script" elements even when allowed by a policy unless the policy explicitly requests unsafe processing.


An issue in ast.Parser in Open Policy Agent causes the application to incorrectly interpret expressions, allowing a Denial of Service (DoS) via triggering out-of-range memory access.


Malicious HTTP responses can cause a number of misbehaviors, including overwriting local files, resource exhaustion, and panics. * Protocol switching, endless redirect, and configuration bypass are possible through abuse of custom HTTP response header processing. * Arbitrary host access is possible through go-getter path traversal, symlink processing, and command injection flaws. * Asymmetric resource exhaustion can occur when go-getter processes malicious HTTP responses. * A panic can be triggered when go-getter processed password-protected ZIP files.


An issue in the AST parser of Open Policy Agent makes it possible for attackers to cause a Denial of Service attack from a crafted input.


An issue was discovered in the route lookup process in beego which attackers to bypass access control.


The leafInfo.match() function uses path.join() to deal with wildcard values which can lead to cross directory risk.


An attacker can forge Biscuit v1 tokens with any access level. There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids this vulnerability.


A Cross-Site Request Forgery vulnerability exists in Filebrowser that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim.


The psgo package executes the 'nsenter' binary, potentially allowing privilege escalation when used in environments where nsenter is provided by an untrusted source.


Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.


Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.


A Windows vulnerability allows attackers to spoof valid certificate chains when the system root store is in use. A workaround is present in Go 1.12.6+ and Go 1.13.7+, but affected users should additionally install the Windows security update to protect their system. See for details on the Windows vulnerability.


Validation of Gitlab requests can leak secrets. The package uses a non-constant time comparison for secrets while validating a Gitlab request. This allows for a timing attack where an attacker can recover a secret and then forge the request.


On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.


On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger execution of any binaries in the working directory named either "" or "..exe".


An attacker can correlate a resumed TLS session with a previous connection. Session tickets generated by crypto/tls do not contain a randomly generated ticket_age_add, which allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.


Sending a message exactly 2000, 4000, or 6000 characters in length to Discord causes a panic.


Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.


Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.


The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid.


Calling Reader.Read on an archive containing a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion.


Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to stack exhaustion.


Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.


Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion.


Client IP adresses may be unintentionally exposed via X-Forwarded-For headers. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy sets the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more usual case where a Director function sets the X-Forwarded-For header value to nil, ReverseProxy leaves the header unmodified as expected.


Improper validation of access tokens can permit use of expired tokens.


Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion.


Decoding malformed CAR data can cause panics or excessive memory usage.


When called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.


GitArtifactReader is vulnerable to directory traversal attacks. The GitArtifactReader.Read function reads and returns the contents of a Git repository file. A maliciously crafted repository can exploit this to cause Read to read from arbitrary files on the filesystem.


On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 << 32 - 1 bytes.


The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by malicious gcc flags specified via a cgo directive.


The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by malicious unquoted symbol name in a linked object file.


HTTP handlers provide unauthenticated access to the local filesystem. The Bleve http package is intended for demonstration purposes and contains no authentication, authorization, or validation of user inputs. Exposing handlers from this package can permit attackers to create files and delete directories.


Routes in the beego HTTP router can match unintended patterns. This overly-broad matching may permit an attacker to bypass access controls. For example, the pattern "/a/b/:name" can match the URL "/a.xml/b/". This may bypass access control applied to the prefix "/a/".


Client-provided certificates are not correctly validated, and must not be trusted. DTLS client certificates must be accompanied by proof that the client possesses the private key for the certificate. The Pion DTLS server accepted client certificates unaccompanied by this proof, permitting an attacker to present any certificate and have it accepted as valid.


Attacker can cause unbounded memory consumption. The Pion DTLS client and server buffer handshake data with no upper limit, permitting an attacker to cause unbounded memory consumption by sending an unterminated handshake.


An attacker can send packets that send the DTLS server or client into an infinite loop.


The TUF client is vulnerable to rollback attacks, in which an attacker causes a client to install software older than the software the client previously knew to be available.


The getter package can write SSH credentials to its logfile, exposing credentials to local users able to read the logfile.


A crafted scalar input longer than 32 bytes can cause P256().ScalarMult or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.


Verifying certificate chains containing certificates which are not compliant with RFC 5280 causes Certificate.Verify to panic on macOS. These chains can be delivered through TLS and can cause a crypto/tls or net/http client to crash.


encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.


The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages.


The dag-pb codec can panic when decoding invalid blocks.


Containers are created with non-empty inheritable Linux process capabilities, permitting programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug does not affect the container security sandbox, as the inheritable set never contains more capabilities than are included in the container's bounding set.


Passing untrusted inputs to VCS functions can permit an attacker to execute arbitrary commands. The vcs package executes version control commands with user-provided arguments. These arguments can be interpreted as command-line flags, which can be used to perform command injection.


Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.


A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.


A race condition can cause incorrect HTTP request routing.


The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.


Import tokens valid for one account may be used for any other account. Validation of Import token bindings incorrectly warns on mismatches, rather than rejecting the Goken. This permits a token for one account to be used for any other account.


The username and password credentials associated with a Helm repository can be passed to another domain referenced by that Helm repository. If the index.yaml for a Helm repository is hosted on one domain and references a chart archive on a different domain, Helm will provide the credentials for the index.yaml's domain when fetching those archives.


The AccountClaims.IsRevoked and Export.IsRevoked functions improperly validate expired credentials using the current system time rather than the issue time of the JWT to be tested. These functions cannot be used properly. Newer versions of the jwt package provide an IsClaimRevoked method which performs correct validation. In these versions, the IsRevoked method always return true.


Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. A maliciously crafted OCI Container Image can cause registry clients to parse the same image in two different ways without modifying the image's digest, invalidating the common pattern of relying on container image digests for equivalence. This problem has been addressed in newer versions by improving validation in manifest unmarshaling.


Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.


The fasthttp.FS request handler is vulnerable to directory traversal attacks on Windows systems, and can serve files from outside the provided root directory. URL path normalization does not handle Windows path separators (backslashes), permitting an attacker to construct requests with relative paths.


A maliciously crafted RPM file can cause the Scanner.Scan function to write files with arbitrary contents to arbitrary locations on the local filestem.


The RunUsingChroot function unintentionally propagates environment variables from the current process to the child process.


The Prometheus client_golang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler* middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass a metric with a "method" label name to a middleware; and not have any firewall/LB/proxy that filters away requests with unknown "method".


Incorrect access control is possible in the go command. The go command can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is authorized to create branches but not tags.


Pretty-printing an AST that contains synthetic nodes can change the logic of some statements by reordering array literals.


Malicious inputs can cause a panic. A maliciously crafted input can cause a stack overflow and panic. Any user with access to the GraphQL can send such a query. This issue only occurs when using the graphql.MaxDepth schema option (which is highly recommended in most cases).


A local attacker can defeat remotely-attested measured boot. Improper input validation in AKPublic.Verify can cause it to succeed when provided with a maliciously-formed Quote over no/some PCRs. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker can couple this vulnerability with a maliciously-formed TCG log in Eventlog.Verify to spoof events in the TCG log, defeating remotely-attested measured-boot.


When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec (including indirectly by using the os/exec package), syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or can be provoked) repeatedly, it can result in misdirected I/O such as writing network traffic intended for one connection to a different connection, or content intended for one file to a different one. For users who cannot immediately update to the new release, the bug can be mitigated by raising the per-process file descriptor limit.


An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests.


An attacker with partial control over the bind mount sources of a new container can bypass namespace restrictions.


The NewReader and OpenReader functions in archive/zip can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. This is caused by an incomplete fix for CVE-2021-33196.


The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory. This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames returned by "mime/multipart".Part.FileName, which avoids this issue.


A maliciously crafted snap/1 protocol message can cause a panic.


A vulnerability in the Geth EVM can cause a node to reject the canonical chain. A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead to the chain being split in two forks.


The HTTPFetcher.GetXML function reads a response of unlimited size into memory, permitting resource exhausion.


Invalid input data can cause a panic.


Invalid input data can cause a panic.


Manifest path extraction is vulnerable to directory traversal attacks. The ExtractPathManifest function permits file paths containing relative directory components (".."), permitting files to reference arbitrary locations on the filesystem.


When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments due to a buffer overflow error. If using wasm_exec.js to execute WASM modules, users will need to replace their copy (as described in after rebuilding any modules.


The ROAEntry.Validate function fails to perform bounds checks on the MaxLength field, allowing invalid values to pass validation.


Random data used to create UUIDs can contain zeros, resulting in predictable UUIDs and possible collisions.


A malicious HTTP server or client can cause the net/http client or server to panic. ReadRequest and ReadResponse can hit an unrecoverable panic when reading a very large header (over 7MB on 64-bit architectures, or over 4MB on 32-bit ones). Transport and Client are vulnerable and the program can be made to crash by a malicious server. Server is not vulnerable by default, but can be if the default max header of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value, in which case the program can be made to crash by a malicious client. This also affects and HeaderValuesContainsToken in


The PROXY protocol server does not impose a timeout on reading the header from new connections, allowing a malicious client to cause resource exhaustion and a denial of service by opening many connections and sending no data on them. v0.6.0 of the proxyproto package adds support for a user-defined header timeout. v0.6.1 adds a default timeout of 200ms and v0.6.2 increases the default timeout to 10s.


The FindInPath function is vulnerable to directory traversal attacks, potentially permitting attackers to execute arbitrary binaries. This function does not sanitize its plugin parameter, so parameter names containing "../" or other such elements may reference arbitrary locations on the filesystem.


On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.


Go on Windows misused certain LoadLibrary functionality, leading to DLL injection.


A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.


Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate request, parsing a Entity, or during a conversation. Finally, a client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key.


net/http (through net/textproto) used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or request smuggling, the latter if requests from separate clients are multiplexed onto the same upstream connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications.


The url.Parse function accepts URLs with malformed hosts, such that the Host field can have arbitrary suffixes that appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications.


XORKeyStream generates incorrect and insecure output for very large inputs. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. The issue might affect uses of with extremely large messages. Architectures other than amd64 and uses that generate less than 256 GiB of keystream for a single salsa20.XORKeyStream invocation are unaffected.


The "go get" command is vulnerable to remote code execution. When the -insecure command-line option is used, "go get" does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.


The "go get" command with cgo is vulnerable to remote command execution by leveraging the gcc or clang plugin feature. When cgo is enabled, the build step during "go get" invokes the host C compiler, gcc or clang, adding compiler flags specified in the Go source files. Both gcc and clang support a plugin mechanism in which a shared-library plugin is loaded into the compiler, as directed by compiler flags. This means that a Go package repository can contain an file along with a Go source file that says (for example) "// #cgo CFLAGS:" causing the attack plugin to be loaded into the host C compiler during the build. Gcc and clang plugins are completely unrestricted in their access to the host system.


The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input "<svg><template><desc><t><svg></template>".


The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input "<template><tBody><isindex/action=0>".


The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input "<math><template><mo><template>".


The crypto/x509 package does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients verifying certificates are affected.


The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly brace (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at The attacker can cause an arbitrary filesystem write, which can lead to code execution.


The "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u". Note that forbidding import paths with a .git element might not be sufficient to mitigate this issue, as on certain systems there can be other aliases for VCS state folders.


The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.


The "go get" command allows remote command execution. Using custom domains, it is possible to arrange things so that points to a Subversion repository but points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get".


On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.


The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go SSH server libraries are both exposed to this vulnerability.


The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current used is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user.


Attackers can cause a crash in SSH servers when the server has been configured by passing a Signer to ServerConfig.AddHostKey such that 1) the Signer passed to AddHostKey does not implement AlgorithmSigner, and 2) the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. Servers that only use Signer implementations provided by the ssh package are unaffected.


On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB.


Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values.


Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption.


A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.


Previously, opening a zip with (*Reader).Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or ".." path elements. Open could also panic if passed the empty string directly as an argument. Now, any files in the zip whose name could not be made valid for fs.FS.Open will be skipped, and no longer added to the fs.FS file list, although they are still accessible through (*Reader).File. Note that it was already the case that a file could be accessible from (*Reader).Open with a name different from the one in (*Reader).File, as the former is the cleaned name, while the latter is the original one. Finally, the actual panic site was made robust as a defense-in-depth measure.


Calling File.ImportedSymbols on a loaded file which contains an invalid dynamic symbol table command can cause a panic, in particular if the encoded number of undefined symbols is larger than the number of symbols in the symbol table.


Pomerium is an open source identity-aware access proxy. Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make incorrect authorization decisions. For users unable to upgrade clear data on databroker service by clearing redis or restarting the in-memory databroker to force claims to be updated.


ReverseProxy can panic after encountering a problem copying a proxied response body.


crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected.


Rat.SetString and Rat.UnmarshalText may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents.


ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the ReverseProxy is itself a reverse proxy, this lets an attacker drop arbitrary headers, including those set by the ReverseProxy.Director.


NewReader and OpenReader can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size.


The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions and their respective methods on the Resolver type may return arbitrary values retrieved from DNS which do not follow the established RFC 1035 rules for domain names. If these names are used without further sanitization, for instance unsafely included in HTML, they may allow for injection of unexpected content. Note that LookupTXT may still return arbitrary values that could require sanitization before further use.


An attacker can craft an input to ParseFragment that causes it to enter an infinite loop and never return.


Attackers may be able to craft phishing links and other open redirects by exploiting PowerMux's trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link.


The P224() Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult.


The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.


The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.


Clients can cause a panic in SSH servers. An attacker can craft an authentication request message for the “gssapi-with-mic” method which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil.


When a Handler does not explicitly set the Content-Type header, the the package would default to “text/html”, which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the first Write using http.DetectContentType, which is consistent with the behavior of the net/http package. Although this protects some applications that validate the contents of uploaded files, not setting the Content-Type header explicitly on any attacker-controlled file is unsafe and should be avoided.


HTTP servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected.


On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in VerifyOptions.KeyUsages. This may allow a certificate to be used for an unintended purpose.


SMTP clients using net/smtp can use the PLAIN authentication scheme on network connections not secured with TLS, exposing passwords to man-in-the-middle SMTP servers.


When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.


Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a malicious DLL in the current working directory.


Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically, incorrect results in one part of the RSA Chinese Remainder computation can cause the result to be incorrect in such a way that it leaks one of the primes. While RSA blinding should prevent an attacker from crafting specific inputs that trigger the bug, on 32-bit systems the bug can be expected to occur at random around one in 2^26 times. Thus collecting around 64 million signatures (of known data) from an affected server should be enough to extract the private key used. Note that on 64-bit systems, the frequency of the bug is so low (less than one in 2^50) that it would be very difficult to exploit.


HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.


When SessionTicketsDisabled is enabled, crypto/tls allowed man-in-the-middle attackers to spoof clients via unspecified vectors. If the server enables TLS client authentication using certificates (this is rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config, then a malicious client can falsely assert ownership of any client certificate it wishes.


ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs. Certain invalid inputs to ReadUvarint or ReadVarint can cause these functions to read an unlimited number of bytes from the ByteReader parameter before returning an error. This can lead to processing more input than expected when the caller is reading directly from a network and depends on ReadUvarint or ReadVarint only consuming a small, bounded number of bytes, even from invalid inputs.


Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.


Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are affected if they use this package to handle untrusted user input.


Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be replayed.


Due to improper error handling, an error with the underlying token storage may cause a user to believe a token has been successfully revoked when it is in fact still valid. An attackers ability to exploit this relies on an ability to trigger errors in the underlying storage.


Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response.


Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.


Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


Due to an incorrect state calculation, a specific set of transactions could cause a consensus disagreement, causing users of this package to reject a canonical chain.


Due to improper error handling, DTLS connections were not killed when certificate verification failed, causing users who did not check the connection state to continue to use the connection. This could allow allow an attacker which holds the ICE password, but not a valid certificate, to bypass this restriction.


Due to improper bounds checking, certain mathmatical operations can cause a panic via an out of bounds read. If this package is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.


Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect nonce size. If this package is used to decrypt user supplied messages without checking the size of supplied nonces, this may be used as a vector for a denial of service attack.


Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If this package is used to parse untrusted input, this may be used as a vector for a denial of service attack.


Due to a goroutine deadlock, using on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker can use this to cause denial of service if they are able to cause the caller to attempt to decompress an archive they control.


Due to improper path validation, using the content store may result in directory traversal during archive extraction, allowing a malicious archive to write paths to arbitrary paths that the process can write to.


Due to the standard library behavior of exec.LookPath on Windows a number of methods may result in arbitrary code execution when cloning or operating on untrusted Git repositories.


Due to improper bounds checking, a number of methods can trigger a panic due to attempted out-of-bounds reads. If the package is used to parse user supplied input, this may be used as a vector for a denial of service attack.


Due to improper setting of finalizers, memory passed to C may be freed before it is used, leading to crashes due to memory corruption or possible code execution.


Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted, allowing them to use the created key.


Protections against directory traversal during archive extraction can be bypassed by chaining multiple symbolic links within the archive. This allows a malicious attacker to cause files to be created outside of the target directory. Additionally if the attacker is able to read extracted files they may create symbolic links to arbitrary files on the system which the unpacker has permissions to read.


Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping these signatures, they cause failure during verification. A malicious proposer can use this to force consensus failures.


Parsing malformed JSON which contain opening brackets, but not closing brackets, leads to an infinite loop. If operating on untrusted user input this can be used as a denial of service vector.


Skip ignores unknown fields, rather than failing. A malicious user can craft small messages with unknown fields which can take significant resources to parse. If a server accepts messages from an untrusted user, it may be used as a denial of service vector.


A race while mounting volumes allows a possible symlink-exchange attack, allowing a user whom can start multiple containers with custom volume mount configurations to escape the container.


HTML content in markdown is not santized during rendering, possibly allowing XSS if used to render untrusted user input.


AppArmor restrictions may be bypassed due to improper validation of mount targets, allowing a malicious image to mount volumes over e.g. /proc.


Session data is stored using permissive permissions, allowing local users with filesystem access to read arbitrary data.


TLS certificate verification is skipped when connecting to a MQTT server. This allows an attacker who can MITM the connection to read, or forge, messages passed between the client and server.


Thirft Servers preallocate memory for the declared size of messages before checking the actual size of the message. This allows a malicious user to send messages that declare that they are significantly larger than they actually are, allowing them to force the server to allocate significant amounts of memory. This can be used as a denial of service vector.


The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials.


A malformed query can cause an out-of-bounds panic due to improper validation of arguments. If processing queries from untrusted parties, this may be used as a vector for denial of service attacks.


The HTML parser does not properly handle "in frameset" insertion mode, and can be made to panic when operating on malformed HTML that contains <template> tags. If operating on user input, this may be a vector for a denial of service attack.


A user can use a valid client certificate that contains a CommonName that matches a valid RBAC username to authenticate themselves as that user, despite lacking the required credentials. This may allow authentication bypass, but requires a certificate that is issued by a CA trusted by the server.


A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input.


Due to improper argument validation in RPC messages, a maliciously crafted message can cause a panic, leading to denial of service.


Arbitrary command execution can be triggered by improperly sanitized SSH URLs in LFS configuration files. This can be triggered by cloning a malicious repository.


Various storage methods do not impose limits on how much content is accepted from user requests, allowing a malicious user to force the caller to allocate an arbitrary amount of memory.


A race between chown and chmod operations during a container filesystem shift may allow a user who can modify the filesystem to chmod an arbitrary path of their choice, rather than the expected path.


GetExecUser in the package will improperly interpret numeric UIDs as usernames. If the method is used without verifying that usernames are formatted as expected, it may allow a user to gain unexpected privileges.


A number of math/big.Int methods can panic when provided large inputs due to a flawed division method.


The go command may execute arbitrary code at build time when using cgo on Windows. This can be triggered by running go get on a malicious module, or any other time the code is built.


Using Reader.Open on an archive containing a file with a path prefixed by "../" will cause a panic due to a stack overflow. If parsing user supplied archives, this may be used as a denial of service vector.


Attempting to read a malformed .dockercfg may cause secrets to be inappropriately logged.


Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level.


Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level.


Due to a nil pointer dereference, a malicously crafted RPC message can cause a panic. If handling RPC messages from untrusted clients, this may be used as a denial of service vector.


Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.


Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.


Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.


Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.


Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.


Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.


Due to improper bounds checking, maliciously crafted input to generated Unmarshal methods can cause an out-of-bounds panic. If parsing messages from untrusted parties, this may be used as a denial of service vector.


Due to improper HTTP header santization, a malicious user can spoof their source IP address by setting the X-Forwarded-For header. This may allow a user to bypass IP based restrictions, or obfuscate their true source.


Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.


Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.


Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.


LoadURL does not check the Content-Type of loaded resources, which can cause a panic due to nil pointer deference if the loaded resource is not XML. If user supplied URLs are loaded, this may be used as a denial of service vector.


XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.


Due to a nil pointer dereference, a malformed XML Digital Signature can cause a panic during validation. If user supplied signatures are being validated, this may be used as a denial of service vector.


CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.


Due to improper TLS verification when serving traffic for multiple SNIs, an attacker may bypass TLS client authentication by indicating an SNI during the TLS handshake that is different from the name in the HTTP Host header.


Due to improper path santization, RPMs containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.


Due to improper request santization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks.


Due to improper verification of packets, unencrypted packets containing application data are accepted after the initial handshake. This allows an attacker to inject arbitrary data which the client/server believes was encrypted, despite not knowing the session key.


Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.


Due to unbounded aliasing, a crafted YAML file can cause consumption of significant system resources. If parsing user supplied input, this may be used as a denial of service vector.


Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.


Due to improper santization of user input, Controller.FileHandler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.


Due to a nil pointer dereference, parsing a malformed zone file containing TA records may cause a panic. If parsing user supplied input, this may be used as a denial of service vector.


After dropping and then elevating process privileges euid, guid, and groups are not properly restored to their original values, allowing an unprivileged user to gain membership in the root group.


Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.


The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.


Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.


LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.


Due to improper santization of user input, a number of methods are vulnerable to SQL injection if used with user input that has not been santized by the caller.


Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.


An attacker can craft malicious WebSocket frames that cause an integer overflow in a variable which tracks the number of bytes remaining. This may cause the server or client to get stuck attempting to read frames in a loop, which can be used as a denial of service vector.


If a JWT contains an audience claim with an array of strings, rather than a single string, and MapClaims.VerifyAudience is called with req set to false, then audience verification will be bypassed, allowing an invalid set of audiences to be provided.


An attacker can construct a series of bytes such that calling Reader.Read on the bytes could cause an infinite loop. If parsing user supplied input, this may be used as a denial of service vector.


An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.


html.Parse does not properly handle "select" tags, which can lead to an infinite loop. If parsing user supplied input, this may be used as a denial of service vector.


By default host key verification is disabled which allows for man-in-the-middle attacks against SSH clients if ClientConfig.HostKeyCallback is not set.


An attacker can craft an ssh-ed25519 or public key, such that the library will panic when trying to verify a signature with it. If verifying signatures using user supplied public keys, this may be used as a denial of service vector.


When using ECDH-ES an attacker can mount an invalid curve attack during decryption as the supplied public key is not checked to be on the same curve as the receivers private key.


On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC with HMAC such that they can control how large the input buffer is when computing the HMAC authentication tag. This can can allow a manipulated ciphertext to be verified as authentic, opening the door for padding oracle attacks.


DNS message transaction IDs are generated using math/rand which makes them relatively predictable. This reduces the complexity of response spoofing attacks against DNS clients.


Filters containing rules with multiple syscall arguments are improperly constructed, such that all arguments are required to match rather than any of the arguments (AND is used rather than OR). These filters can be bypassed by only specifying a subset of the arguments due to this behavior.


An attacker may prevent TCP connections to a Server by opening a connection and leaving it idle, until the connection is closed by the server no other connections will be accepted.


Malformed WALs can be constructed such that WAL.ReadAll can cause attempted out of bounds reads, or creation of arbitrarily sized slices, which may be used as a DoS vector.


If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners. Also, a minor timing side channel was present allowing attackers with very low latency and able to make a lot of requests to potentially recover the token.


An attacker can cause an application that accepts slice parameters ( to allocate large amounts of memory and crash through manipulating the request query sent to the application.


The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL