Hunter Wittenborn discovered that Go incorrectly handled the sanitization
of environment variables. An attacker could possibly use this issue to run
arbitrary commands. (CVE-2023-24531)

Sohom Datta discovered that Go did not properly validate backticks (`) as
JavaScript string delimiters, and did not escape them as expected. An
attacker could possibly use this issue to inject arbitrary JavaScript code
into the Go template. (CVE-2023-24538)

Juho Nurminen discovered that Go incorrectly handled certain special
characters in directory or file paths. An attacker could possibly use
this issue to inject code into the resulting binaries. (CVE-2023-29402)

Vincent Dehors discovered that Go incorrectly handled permission bits.
An attacker could possibly use this issue to read or write files with
elevated privileges. (CVE-2023-29403)

Juho Nurminen discovered that Go incorrectly handled certain crafted
arguments. An attacker could possibly use this issue to execute arbitrary
code at build time. (CVE-2023-29405)

It was discovered that Go incorrectly validated the contents of host
headers. A remote attacker could possibly use this issue to inject
additional headers or entire requests. (CVE-2023-29406)
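
For CVE-2023-29406, an application-level guard, added here as an example (not Go's own fix and not code from this advisory): validate any untrusted value before assigning it to `http.Request.Host`. The names `hostHeaderOK` and `requestWithHost` are hypothetical, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strconv"
	"strings"
)

const labelChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"

// hostHeaderOK accepts only name[:port], IPv4[:port] or [IPv6][:port]. Stricter than
// the RFC grammar on purpose: CR, LF, spaces and other delimiters are all rejected.
func hostHeaderOK(h string) bool {
	host, port := h, "0"
	if i := strings.LastIndexByte(h, ':'); i >= 0 && !strings.HasSuffix(h, "]") {
		host, port = h[:i], h[i+1:]
	}
	if _, err := strconv.ParseUint(port, 10, 16); err != nil {
		return false
	}
	if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") {
		lit := host[1 : len(host)-1]
		return strings.Contains(lit, ":") && net.ParseIP(lit) != nil
	}
	for _, label := range strings.Split(strings.TrimSuffix(host, "."), ".") {
		if label == "" || len(label) > 63 || strings.Trim(label, labelChars) != "" {
			return false
		}
	}
	return true
}

// requestWithHost (hypothetical helper) overrides Host only after validation.
func requestWithHost(url, host string) (*http.Request, error) {
	if !hostHeaderOK(host) {
		return nil, fmt.Errorf("rejected Host header value %q", host)
	}
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err == nil {
		req.Host = host
	}
	return req, err
}

func main() {
	_, err := requestWithHost("http://192.0.2.10/", "app.example.com\r\nX-Injected: 1") // constructed input
	fmt.Println(err)
}
```

The check rejects internationalized names that are not already in their ASCII (punycode) form, so convert those before validating.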

Takeshi Kaneko discovered that Go did not properly handle comments and
special tags in the script context of the html/template package. An attacker
could possibly use this issue to inject JavaScript code and perform a
cross-site scripting attack. (CVE-2023-39318, CVE-2023-39319)

It was discovered that Go did not limit the number of simultaneously
executing handler goroutines in the net/http package. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
(CVE-2023-39325)

It was discovered that the Go html/template package did not validate errors
returned from MarshalJSON methods. An attacker could possibly use this
issue to inject arbitrary code into the Go template. (CVE-2024-24785)