We install the toolkit from the Percona website.
Software link: https://downloads.percona.com/downloads/percona-toolkit/3.5.1/binary/tarball/percona-toolkit-3.5.1_x86_64.tar.gz
Installing the software and scanning the image with Twistlock gives us the list of CVEs below.
Can we expect a newer tar.gz for Linux to be published, and when?
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41715 | high | 7.50 | go | 1.18.3 | fixed in 1.19.2, 1.18.7 | > 4 months ago | < 1 hour | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp repre... |
| CVE-2022-32190 | high | 7.50 | go | 1.18.3 | fixed in 1.18.6 | > 5 months ago | < 1 hour | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns th... |
| CVE-2022-32189 | high | 7.50 | go | 1.18.3 | fixed in 1.18.5, 1.17.13 | > 6 months ago | < 1 hour | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a... |
| CVE-2022-30635 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion v... |
| CVE-2022-30633 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via un... |
| CVE-2022-30632 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path... |
| CVE-2022-30631 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via... |
| CVE-2022-30630 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which c... |
| CVE-2022-2880 | high | 7.50 | go | 1.18.3 | fixed in 1.19.2, 1.18.7 | > 4 months ago | < 1 hour | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. T... |
| CVE-2022-2879 | high | 7.50 | go | 1.18.3 | fixed in 1.19.2, 1.18.7 | > 4 months ago | < 1 hour | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of ... |
| CVE-2022-28131 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via... |
| CVE-2022-27664 | high | 7.50 | go | 1.18.3 | fixed in 1.19.1, 1.18.6 | > 5 months ago | < 1 hour | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing... |
| CVE-2022-32148 | medium | 6.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with ... |
| CVE-2022-1705 | medium | 6.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if... |
| CVE-2022-1962 | medium | 5.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months ago | < 1 hour | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion ... |
| CVE-2022-41716 | medium | 5.40 | go | 1.18.3 | fixed in 1.19.3, 1.18.8 | > 3 months ago | < 1 hour | Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, inv... |
| CVE-2022-41717 | medium | 5.30 | go | 1.18.3 | fixed in 1.19.4, 1.18.9 | 74 days (70 days ago) | < 1 hour | An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys ... |
| CVE-2022-41723 | low | 1.00 | golang.org/x/net | v0.4.0 | fixed in 0.7.0 | 4 days ago | < 1 hour | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small n... |
Link to the pull request: https://github.com/percona/percona-toolkit/pull/609
This is fixed in Percona Toolkit 3.5.2, which switched to Go 1.20.
Thank you for the response!
When can we expect a newer version of the toolkit with the CVE fixes to be published?
As per the latest Twistlock scan results, two new vulnerabilities were detected:
CVE-2022-41724
CVE-2022-41725
Can these CVEs also be addressed as part of the fix?
I have updated the description and the report in the attachment accordingly.
Thank you for the report.
We fixed a few CVEs in GitHub recently. See https://github.com/percona/percona-toolkit/pull/600 for details. We will review the issues you reported in case your list has extras. Right now, you can download binaries with the fix from https://github.com/percona/percona-toolkit/actions/runs/4244707781