Count: 81
ID | Description | CVSS | EPSS | Published
---|---|---|---|---
GHSA-hw49-2p59-3mhj | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. | | 0% Low | about 1 year ago
ELSA-2024-7349 | ELSA-2024-7349: grafana security update (MODERATE) | | | 10 months ago
BDU:2024-06680 | Vulnerability in the net/http module of the Go programming language, caused by improper input validation, allowing an attacker to cause a denial of service | CVSS3: 5.9 | 0% Low | about 1 year ago
ROS-20241024-01 | golang vulnerability | CVSS3: 5.9 | 0% Low | 9 months ago
ELSA-2024-9089 | ELSA-2024-9089: containernetworking-plugins security update (MODERATE) | | | 9 months ago
CVE-2024-24789 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Low | about 1 year ago
CVE-2024-24789 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 7.5 | 0% Low | about 1 year ago
CVE-2024-24789 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Low | about 1 year ago
CVE-2024-24789 | The archive/zip package's handling of certain types of invalid zip fil ... | CVSS3: 5.5 | 0% Low | about 1 year ago
ELSA-2024-5258 | ELSA-2024-5258: container-tools:ol8 security update (IMPORTANT) | | | 12 months ago
ROS-20240902-16 | Multiple vulnerabilities in consul | CVSS3: 6.5 | | 11 months ago
RLSA-2024:6913 | Important: golang security update | | | 10 months ago
ELSA-2024-6913 | ELSA-2024-6913: golang security update (IMPORTANT) | | | 11 months ago
ELSA-2024-6908 | ELSA-2024-6908: go-toolset:ol8 security update (IMPORTANT) | | | 11 months ago
ELSA-2024-6969 | ELSA-2024-6969: container-tools:ol8 security update (MODERATE) | | | 10 months ago
ELSA-2025-7256 | ELSA-2025-7256: git-lfs security update (MODERATE) | | | 3 months ago
GHSA-236w-p7wf-5ph8 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Low | about 1 year ago
BDU:2024-04485 | Vulnerability in the archive-zip package of the Golang programming language, allowing an attacker to create an arbitrary zip file | CVSS3: 6.2 | 0% Low | about 1 year ago
CVE-2022-4122 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | CVSS3: 5.3 | 0% Low | more than 2 years ago
CVE-2022-4122 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | CVSS3: 5.9 | 0% Low | more than 2 years ago