Download
| Alert*
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-28367 Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. CVE-2020-28366 Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. |