Debian Golang-1.15 vulnerabilities
146 known vulnerabilities affecting debian/golang-1.15.
Total CVEs: 146
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 60, MEDIUM 43, LOW 31
Vulnerabilities
Page 8 of 8
CVE-2020-24553 | MEDIUM | CVSS 6.1 | fixed in golang-1.15 1.15.2-1 (bullseye) | 2020
CVE-2020-24553 [MEDIUM] CVE-2020-24553: golang-1.15 - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the de...
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
Scope: local
bullseye: resolved (fixed in 1.15.2-1)
debian
CVE-2020-15586 | MEDIUM | CVSS 5.9 | fixed in golang-1.15 1.15~rc1-1 (bullseye) | 2020
CVE-2020-15586 [MEDIUM] CVE-2020-15586: golang-1.15 - Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http serv...
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Scope: local
bullseye: resolved (fixed in 1.15~rc1-1)
debian
CVE-2020-29509 | LOW | CVSS 9.8 | 2020
CVE-2020-29509 [CRITICAL] CVE-2020-29509: golang-1.15 - The encoding/xml package in Go (all versions) does not correctly preserve the se...
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Scope: local
bullseye: open
debian
CVE-2020-29511 | LOW | CVSS 9.8 | 2020
CVE-2020-29511 [CRITICAL] CVE-2020-29511: golang-1.15 - The encoding/xml package in Go (all versions) does not correctly preserve the se...
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Scope: local
bullseye: open
debian
CVE-2020-14039 | LOW | CVSS 5.3 | 2020
CVE-2020-14039 [MEDIUM] CVE-2020-14039: golang-1.15 - In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a che...
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
Scope: local
bullseye: resolved
debian
CVE-2020-29510 | LOW | CVSS 9.8 | 2020
CVE-2020-29510 [CRITICAL] CVE-2020-29510: golang-1.15 - The encoding/xml package in Go versions 1.15 and earlier does not correctly pres...
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Scope: local
bullseye: open
debian