UbuntuUpdates.org

Bugs fixes in "golang-1.17"

Origin Bug number Title Date fixed
CVE CVE-2023-39319 The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script 2024-10-10
CVE CVE-2023-39318 The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may caus 2024-10-10
CVE CVE-2023-29406 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire 2024-10-10
CVE CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running a 2024-10-10
CVE CVE-2023-29404 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running a 2024-10-10
CVE CVE-2023-29403 On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain case 2024-10-10
CVE CVE-2023-29402 The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses 2024-10-10
CVE CVE-2023-24538 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, 2024-10-10
CVE CVE-2023-24531 Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its ou 2024-10-10
CVE CVE-2024-24785 If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html 2024-10-10
CVE CVE-2023-39325 A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total 2024-10-10
CVE CVE-2023-39319 The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script 2024-10-10
CVE CVE-2023-39318 The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may caus 2024-10-10
CVE CVE-2023-29406 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire 2024-10-10
CVE CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running a 2024-10-10
CVE CVE-2023-29404 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running a 2024-10-10
CVE CVE-2023-29403 On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain case 2024-10-10
CVE CVE-2023-29402 The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses 2024-10-10
CVE CVE-2023-24538 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, 2024-10-10
CVE CVE-2023-24531 Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its ou 2024-10-10



About   -   Send Feedback to @ubuntu_updates