ALAS2-2022-1859 --- golang-github-gorilla-contextID: oval:org.secpod.oval:def:1701027 | Date: (C)2022-10-27 (M)2024-02-26 |
Class: PATCH | Family: unix |
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (CVE-2022-24675(CVE-2022-27191(CVE-2022-27664(CVE-2022-28131(((CVE-2022-28327(CVE-2022-29526(CVE-2022-30629(CVE-2022-30630(CVE-2022-30631(CVE-2022-30632(CVE-2022-30633(CVE-2022-30635(CVE-2022-32148
Product: |
golang-github-gorilla-context |