| Bug | Description |
|---|
| CVE-2023-45287 | Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ... |
| CVE-2023-45285 | Using go get to fetch a module with the ".git" suffix may unexpectedly ... |
| CVE-2023-45284 | On Windows, The IsLocal function does not correctly detect reserved de ... |
| CVE-2023-45283 | The filepath package does not recognize paths with a \??\ prefix as sp ... |
| CVE-2023-39326 | A malicious HTTP sender can use chunk extensions to cause a receiver r ... |
| CVE-2023-39325 | A malicious HTTP/2 client which rapidly creates requests and immediate ... |
| CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on " ... |
| CVE-2023-39319 | The html/template package does not apply the proper rules for handling ... |
| CVE-2023-39318 | The html/template package does not properly handle HTML-like "" commen ... |
| CVE-2023-29409 | Extremely large RSA keys in certificate chains can cause a client/serv ... |
| CVE-2023-29406 | The HTTP/1 client does not fully validate the contents of the Host hea ... |
| CVE-2023-29405 | The go command may execute arbitrary code at build time when using cgo ... |
| CVE-2023-29404 | The go command may execute arbitrary code at build time when using cgo ... |
| CVE-2023-29403 | On Unix platforms, the Go runtime does not behave differently when a b ... |
| CVE-2023-29402 | The go command may generate unexpected code at build time when using c ... |
| CVE-2023-29400 | Templates containing actions in unquoted HTML attributes (e.g. "attr={ ... |
| CVE-2023-24540 | Not all valid JavaScript whitespace characters are considered to be wh ... |
| CVE-2023-24539 | Angle brackets (<>) are not considered dangerous characters when inser ... |
| CVE-2023-24538 | Templates do not properly consider backticks (`) as Javascript string ... |
| CVE-2023-24537 | Calling any of the Parse functions on Go source code which contains // ... |
| CVE-2023-24536 | Multipart form parsing can consume large amounts of CPU and memory whe ... |
| CVE-2023-24534 | HTTP and MIME header parsing can allocate large amounts of memory, eve ... |
| CVE-2023-24532 | The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ... |
| CVE-2022-41725 | A denial of service is possible from excessive resource consumption in ... |
| CVE-2022-41724 | Large handshake records may cause panics in crypto/tls. Both clients a ... |
| CVE-2022-41723 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ... |
| CVE-2022-41722 | A path traversal vulnerability exists in filepath.Clean on Windows. On ... |