AVG-1357 log
Package | go |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 2:1.16.7-1 |
Fixed | 2:1.17-1 |
Current | 2:1.23.2-1 [extra] |
Ticket | None |
Created | Mon Dec 14 20:05:03 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-29923 | Medium | Yes | Access restriction bypass | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to... |
CVE-2020-29511 | Medium | No | Incorrect calculation | Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and... |
CVE-2020-29510 | Medium | Yes | Incorrect calculation | Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder... |
CVE-2020-29509 | Medium | Yes | Incorrect calculation | Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and... |