go-pie

Description: Unknown
Version: Removed

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1051 | 2:1.13.1-1 | 2:1.13.3-1 | Medium | Fixed | |
| AVG-1050 | 2:1.12.9-1 | 2:1.13.1-1 | High | Fixed | |
| AVG-1020 | 2:1.12.7-1 | 2:1.12.8-1 | Medium | Fixed | |
| AVG-859 | 2:1.11.4-1 | 2:1.11.5-1 | Medium | Fixed | |
| AVG-835 | 2:1.11.2-2 | 2:1.11.3-1 | High | Fixed | |
| AVG-606 | 1.9.3-1 | 1.9.4-1 | High | Fixed | |
| AVG-442 | 2:1.9-1 | 2:1.9.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-17596 | AVG-1051 | Medium | Yes | Denial of service | Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic,... |
| CVE-2019-16276 | AVG-1050 | High | Yes | Access restriction bypass | net/http (through net/textproto) in Go before 1.12.0 and 1.13.1 used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in... |
| CVE-2019-14809 | AVG-1020 | Medium | Yes | Insufficient validation | An issue has been found in Go before 1.12.8, where url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes... |
| CVE-2019-9514 | AVG-1020 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker opens a number of streams and sends an invalid request over each stream that... |
| CVE-2019-9512 | AVG-1020 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal... |
| CVE-2019-6486 | AVG-859 | Medium | Yes | Private key recovery | Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker... |
| CVE-2018-16875 | AVG-835 | Medium | Yes | Denial of service | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might... |
| CVE-2018-16874 | AVG-835 | High | Yes | Directory traversal | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go... |
| CVE-2018-16873 | AVG-835 | High | Yes | Arbitrary command execution | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path... |
| CVE-2018-6574 | AVG-606 | High | Yes | Arbitrary code execution | Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by... |
| CVE-2017-15041 | AVG-442 | High | Yes | Arbitrary command execution | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 21 Oct 2019 | ASA-201910-11 | AVG-1051 | Medium | denial of service |
| 24 Aug 2019 | ASA-201908-16 | AVG-1020 | Medium | multiple issues |
| 24 Jan 2019 | ASA-201901-10 | AVG-859 | Medium | private key recovery |
| 18 Dec 2018 | ASA-201812-12 | AVG-835 | High | multiple issues |
| 09 Feb 2018 | ASA-201802-3 | AVG-606 | High | arbitrary code execution |
| 12 Oct 2017 | ASA-201710-16 | AVG-442 | High | arbitrary command execution |