| Bug | Description |
|---|
| CVE-2022-41720 | On Windows, restricted files can be accessed via os.DirFS and http.Dir ... |
| CVE-2022-41717 | An attacker can cause excessive memory growth in a Go server accepting ... |
| CVE-2022-41716 | Due to unsanitized NUL values, attackers may be able to maliciously se ... |
| CVE-2022-41715 | Programs which compile regular expressions from untrusted sources may ... |
| CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to ... |
| CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and R ... |
| CVE-2022-32148 | Improper exposure of client IP addresses in net/http before Go 1.17.12 ... |
| CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ... |
| CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 ... |
| CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and ... |
| CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17. ... |
| CVE-2022-30630 | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18. ... |
| CVE-2022-27664 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ... |
| CVE-2022-2880 | Requests forwarded by ReverseProxy include the raw query parameters fr ... |
| CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. ... |
| CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1 ... |
| CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ... |