Download
| Alert*
|
oval:org.secpod.oval:def:704645
golang-1.10 is installed oval:org.secpod.oval:def:1900023 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks. oval:org.secpod.oval:def:1900030 The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ... oval:org.secpod.oval:def:1900043 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces . Specifically, it is only vulnerable in GOPATH mode, but not in module mode . The attacker can cause an ar ... oval:org.secpod.oval:def:1900148 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode,but not in m ... |
