| Bug | Description |
|---|
| CVE-2024-24785 | If errors returned from MarshalJSON methods contain user controlled da ... |
| CVE-2024-24784 | The ParseAddressList function incorrectly handles comments (text withi ... |
| CVE-2024-24783 | Verifying a certificate chain which contains a certificate with an unk ... |
| CVE-2023-45290 | When parsing a multipart form (either explicitly with Request.ParseMul ... |
| CVE-2023-45289 | When following an HTTP redirect to a domain which is not a subdomain m ... |
| CVE-2023-45288 | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ... |
| CVE-2023-45285 | Using go get to fetch a module with the ".git" suffix may unexpectedly ... |
| CVE-2023-45284 | On Windows, The IsLocal function does not correctly detect reserved de ... |
| CVE-2023-45283 | The filepath package does not recognize paths with a \??\ prefix as sp ... |
| CVE-2023-39326 | A malicious HTTP sender can use chunk extensions to cause a receiver r ... |
| CVE-2023-39325 | A malicious HTTP/2 client which rapidly creates requests and immediate ... |
| CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on " ... |
| CVE-2023-39322 | QUIC connections do not set an upper bound on the amount of data buffe ... |
| CVE-2023-39321 | Processing an incomplete post-handshake message for a QUIC connection ... |
| CVE-2023-39320 | The go.mod toolchain directive, introduced in Go 1.21, can be leverage ... |
| CVE-2023-39319 | The html/template package does not apply the proper rules for handling ... |
| CVE-2023-39318 | The html/template package does not properly handle HTML-like "" commen ... |