This project is forked from simonwaldherr/golang-examples
Go(lang) examples - (explain the basics of #golang)
Home Page: https://github.com/SimonWaldherr/golang-examples/archive/master.zip
License: MIT License
Go 95.28%
Shell 2.66%
Assembly 0.08%
TeX 1.97%
golang-examples's Issues
CVE-2020-28852 - High Severity Vulnerability
Vulnerable Library - github.com/golang/text/internal/language-v0.3.3
[mirror] Go text processing support
Dependency Hierarchy:
simonwaldherr.de/go/gwv-v0.7.0 (Root Library)
github.com/golang/net/http2-v0.1.0
github.com/golang/net/http/httpguts-v0.1.0
github.com/golang/net/idna-v0.1.0
github.com/golang/text/secure/bidirule-v0.3.3
github.com/golang/text/unicode/bidi-v0.3.3
github.com/golang/text/unicode/rangetable-v0.3.3
github.com/golang/text/language-v0.3.3
❌ github.com/golang/text/internal/language-v0.3.3 (Vulnerable Library)
Vulnerability Details
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Publish Date: 2021-01-02
URL: CVE-2020-28852
CVSS 3 Score Details (7.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-28852
Release Date: 2021-01-02
Fix Resolution: golang-golang-x-text-dev - 0.3.5-1,0.3.5-1
CVE-2022-32149 - High Severity Vulnerability
Vulnerable Library - github.com/golang/text/language-v0.3.3
[mirror] Go text processing support
Dependency Hierarchy:
simonwaldherr.de/go/gwv-v0.7.0 (Root Library)
github.com/golang/net/http2-v0.1.0
github.com/golang/net/http/httpguts-v0.1.0
github.com/golang/net/idna-v0.1.0
github.com/golang/text/secure/bidirule-v0.3.3
github.com/golang/text/unicode/bidi-v0.3.3
github.com/golang/text/unicode/rangetable-v0.3.3
❌ github.com/golang/text/language-v0.3.3 (Vulnerable Library)
Vulnerability Details
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Publish Date: 2022-10-14
URL: CVE-2022-32149
CVSS 3 Score Details (7.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-32149
Release Date: 2022-10-14
Fix Resolution: v0.3.8
CVE-2020-28851 - High Severity Vulnerability
Vulnerable Library - github.com/golang/text/internal/language-v0.3.3
[mirror] Go text processing support
Dependency Hierarchy:
simonwaldherr.de/go/gwv-v0.7.0 (Root Library)
github.com/golang/net/http2-v0.1.0
github.com/golang/net/http/httpguts-v0.1.0
github.com/golang/net/idna-v0.1.0
github.com/golang/text/secure/bidirule-v0.3.3
github.com/golang/text/unicode/bidi-v0.3.3
github.com/golang/text/unicode/rangetable-v0.3.3
github.com/golang/text/language-v0.3.3
❌ github.com/golang/text/internal/language-v0.3.3 (Vulnerable Library)
Vulnerability Details
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Publish Date: 2021-01-02
URL: CVE-2020-28851
CVSS 3 Score Details (7.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-28851
Release Date: 2021-01-02
Fix Resolution: golang-golang-x-text-dev - 0.3.6-1,0.3.6-1
CVE-2021-38561 - High Severity Vulnerability
Vulnerable Libraries - github.com/golang/text/internal/language-v0.3.3, github.com/golang/text/language-v0.3.3
github.com/golang/text/internal/language-v0.3.3
[mirror] Go text processing support
Dependency Hierarchy:
simonwaldherr.de/go/gwv-v0.7.0 (Root Library)
github.com/golang/net/http2-v0.1.0
github.com/golang/net/http/httpguts-v0.1.0
github.com/golang/net/idna-v0.1.0
github.com/golang/text/secure/bidirule-v0.3.3
github.com/golang/text/unicode/bidi-v0.3.3
github.com/golang/text/unicode/rangetable-v0.3.3
github.com/golang/text/language-v0.3.3
❌ github.com/golang/text/internal/language-v0.3.3 (Vulnerable Library)
github.com/golang/text/language-v0.3.3
[mirror] Go text processing support
Dependency Hierarchy:
simonwaldherr.de/go/gwv-v0.7.0 (Root Library)
github.com/golang/net/http2-v0.1.0
github.com/golang/net/http/httpguts-v0.1.0
github.com/golang/net/idna-v0.1.0
github.com/golang/text/secure/bidirule-v0.3.3
github.com/golang/text/unicode/bidi-v0.3.3
github.com/golang/text/unicode/rangetable-v0.3.3
❌ github.com/golang/text/language-v0.3.3 (Vulnerable Library)
Vulnerability Details
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
Publish Date: 2022-12-26
URL: CVE-2021-38561
CVSS 3 Score Details (7.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GO-2021-0113
Release Date: 2021-08-12
Fix Resolution: v0.3.7