{ "@context": "https://openvex.dev/ns/v0.2.0", "@id": "govulncheck/vex:feedffb40f5909016273950ec5f50c762e59fb28275c5a421f2a83f7df80ea41", "author": "Unknown Author", "timestamp": "2024-06-29T05:08:45.110288Z", "version": 1, "tooling": "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck", "statements": [ { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2020-0012", "name": "GO-2020-0012", "description": "Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh", "aliases": [ "CVE-2020-9283", "GHSA-ffhg-7mh4-33c4" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2020-0013", "name": "GO-2020-0013", "description": "Man-in-the-middle attack in golang.org/x/crypto/ssh", "aliases": [ "CVE-2017-3204", "GHSA-xhjq-w7xm-p8qj" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2020-0014", "name": "GO-2020-0014", "description": "Infinite loop due to improper handling of \"select\" tags in golang.org/x/net/html", "aliases": [ "CVE-2018-17846", "GHSA-vfw5-hrgq-h5wf" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2020-0015", "name": "GO-2020-0015", "description": "Infinite loop when decoding some inputs in golang.org/x/text", "aliases": [ "CVE-2020-14040", "GHSA-5rcv-m4m3-hfh7" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2020-0019", "name": "GO-2020-0019", "description": "Integer overflow in github.com/gorilla/websocket", "aliases": [ "CVE-2020-27813", "GHSA-3xh2-74w9-5vxm", "GHSA-jf24-p9p9-4rjh" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2020-0036", "name": "GO-2020-0036", "description": "Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2", "aliases": [ "CVE-2019-11254", "GHSA-wxc4-f4m6-wwqv" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0053", "name": "GO-2021-0053", "description": "Panic due to improper input validation in github.com/gogo/protobuf", "aliases": [ "CVE-2021-3121", "GHSA-c3h9-896r-86jm" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0061", "name": "GO-2021-0061", "description": "Denial of service in gopkg.in/yaml.v2", "aliases": [ "CVE-2021-4235", "GHSA-r88r-gmrh-7j83" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0064", "name": "GO-2021-0064", "description": "Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go", "aliases": [ "CVE-2020-8565", "GHSA-8cfg-vx93-jvxw" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0065", "name": "GO-2021-0065", "description": "Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go", "aliases": [ "CVE-2019-11250", "GHSA-jmrx-5g74-6v2f" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0066", "name": "GO-2021-0066", "description": "Sensitive information leak via log file in k8s.io/kubernetes", "aliases": [ "CVE-2020-8564", "GHSA-8mjg-8c8g-6h85" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0067", "name": "GO-2021-0067", "description": "Panic when opening archives in archive/zip", "aliases": [ "CVE-2021-27919" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0069", "name": "GO-2021-0069", "description": "Panic during division of very large numbers in math/big", "aliases": [ "CVE-2020-28362" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0070", "name": "GO-2021-0070", "description": "Privilege escalation in github.com/opencontainers/runc", "aliases": [ "CVE-2016-3697", "GHSA-q3j5-32m5-58c2" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0078", "name": "GO-2021-0078", "description": "Panic when parsing malformed HTML in golang.org/x/net/html", "aliases": [ "CVE-2018-17075", "GHSA-5p4h-3377-7w67" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0085", "name": "GO-2021-0085", "description": "Authorization bypass in github.com/opencontainers/runc", "aliases": [ "CVE-2019-16884", "GHSA-fgv8-vj5c-2ppq" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0087", "name": "GO-2021-0087", "description": "Race condition in github.com/opencontainers/runc", "aliases": [ "CVE-2019-19921", "GHSA-fh74-hm69-rqjw" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0113", "name": "GO-2021-0113", "description": "Out-of-bounds read in golang.org/x/text/language", "aliases": [ "CVE-2021-38561", "GHSA-ppp9-7jff-5vj2" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0142", "name": "GO-2021-0142", "description": "Unbounded read from invalid inputs in encoding/binary", "aliases": [ "CVE-2020-16845", "GHSA-q6gq-997w-f55g" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0154", "name": "GO-2021-0154", "description": "Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls", "aliases": [ "CVE-2014-7189" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0159", "name": "GO-2021-0159", "description": "Request smuggling due to improper header parsing in net/http", "aliases": [ "CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0160", "name": "GO-2021-0160", "description": "Incorrect calculation affecting RSA computations in math/big", "aliases": [ "CVE-2015-8618" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0163", "name": "GO-2021-0163", "description": "Privilege escalation on Windows via malicious DLL in syscall", "aliases": [ "CVE-2016-3958" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0172", "name": "GO-2021-0172", "description": "Denial of service when parsing large forms in mime/multipart", "aliases": [ "CVE-2017-1000098" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0178", "name": "GO-2021-0178", "description": "Cleartext transmission of credentials in net/smtp", "aliases": [ "CVE-2017-15042" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0223", "name": "GO-2021-0223", "description": "Certificate verification error on Windows in crypto/x509", "aliases": [ "CVE-2020-14039" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0224", "name": "GO-2021-0224", "description": "Data race and crash in net/http", "aliases": [ "CVE-2020-15586" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0226", "name": "GO-2021-0226", "description": "Cross-site scripting in net/http/cgi and net/http/fcgi", "aliases": [ "CVE-2020-24553" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0227", "name": "GO-2021-0227", "description": "Panic on crafted authentication request message in golang.org/x/crypto/ssh", "aliases": [ "CVE-2020-29652", "GHSA-3vm4-22fp-5rfm" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0234", "name": "GO-2021-0234", "description": "Infinite loop when decoding inputs in encoding/xml", "aliases": [ "CVE-2021-27918" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0235", "name": "GO-2021-0235", "description": "Incorrect operations on the P-224 curve in crypto/elliptic", "aliases": [ "CVE-2021-3114" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0238", "name": "GO-2021-0238", "description": "Infinite loop when parsing inputs in golang.org/x/net/html", "aliases": [ "CVE-2021-33194", "GHSA-83g2-8m93-v3w7" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0239", "name": "GO-2021-0239", "description": "Improper sanitization when resolving values from DNS in net", "aliases": [ "CVE-2021-33195" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0240", "name": "GO-2021-0240", "description": "Panic when reading certain archives in archive/zip", "aliases": [ "CVE-2021-33196" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0241", "name": "GO-2021-0241", "description": "Attacker can drop certain headers in net/http/httputil", "aliases": [ "CVE-2021-33197" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0242", "name": "GO-2021-0242", "description": "Panic on inputs with large exponents in math/big", "aliases": [ "CVE-2021-33198" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0243", "name": "GO-2021-0243", "description": "Panic on certain certificates in crypto/tls", "aliases": [ "CVE-2021-34558" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0245", "name": "GO-2021-0245", "description": "Panic in ReverseProxy in net/http/httputil", "aliases": [ "CVE-2021-36221" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0263", "name": "GO-2021-0263", "description": "Panic on invalid symbol tables in debug/macho", "aliases": [ "CVE-2021-41771" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0264", "name": "GO-2021-0264", "description": "Panic when opening certain archives in archive/zip", "aliases": [ "CVE-2021-41772" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0317", "name": "GO-2021-0317", "description": "Uncontrolled memory consumption in math/big", "aliases": [ "CVE-2022-23772" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0319", "name": "GO-2021-0319", "description": "Incorrect computation for some invalid field elements in crypto/elliptic", "aliases": [ "CVE-2022-23806" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0347", "name": "GO-2021-0347", "description": "Stack exhaustion when compiling deeply nested expressions in regexp", "aliases": [ "CVE-2022-24921" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2021-0356", "name": "GO-2021-0356", "description": "Denial of service via crafted Signer in golang.org/x/crypto/ssh", "aliases": [ "CVE-2022-27191", "GHSA-8c26-wmh5-6g9v" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0166", "name": "GO-2022-0166", "description": "Denial of service due to unchecked parameters in crypto/dsa", "aliases": [ "CVE-2016-3959" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0171", "name": "GO-2022-0171", "description": "Mishandled trust preferences for root certificates on Darwin in crypto/x509", "aliases": [ "CVE-2017-1000097" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0187", "name": "GO-2022-0187", "description": "Incorrect computation for P-256 curves in crypto/elliptic", "aliases": [ "CVE-2017-8932" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0191", "name": "GO-2022-0191", "description": "Denial of service in chain verification in crypto/x509", "aliases": [ "CVE-2018-16875" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0192", "name": "GO-2022-0192", "description": "Incorrect parsing of nested templates in golang.org/x/net/html", "aliases": [ "CVE-2018-17142", "GHSA-2wp2-chmh-r934" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0193", "name": "GO-2022-0193", "description": "Panic on unconsidered isindex and template combination in golang.org/x/net/html", "aliases": [ "CVE-2018-17143", "GHSA-fcf9-6fv2-fc5v" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0197", "name": "GO-2022-0197", "description": "Panic when parsing certain inputs in golang.org/x/net/html", "aliases": [ "CVE-2018-17847", "CVE-2018-17848", "GHSA-4r78-hx75-jjj2", "GHSA-mv93-wvcp-7m7r" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0209", "name": "GO-2022-0209", "description": "Insufficiently random values in golang.org/x/crypto/salsa20", "aliases": [ "CVE-2019-11840", "GHSA-r5c5-pr8j-pfp7" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0211", "name": "GO-2022-0211", "description": "Incorrect parsing validation in net/url", "aliases": [ "CVE-2019-14809" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0212", "name": "GO-2022-0212", "description": "Request smuggling due to accepting invalid headers in net/http via net/textproto", "aliases": [ "CVE-2019-16276" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0213", "name": "GO-2022-0213", "description": "Panic on invalid DSA public keys in crypto/dsa", "aliases": [ "CVE-2019-17596" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0217", "name": "GO-2022-0217", "description": "Denial of service affecting P-521 and P-384 curves in crypto/elliptic", "aliases": [ "CVE-2019-6486" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0220", "name": "GO-2022-0220", "description": "DLL injection on Windows in runtime and syscall", "aliases": [ "CVE-2019-9634" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0229", "name": "GO-2022-0229", "description": "Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte", "aliases": [ "CVE-2020-7919", "GHSA-cjjc-xp8v-855w" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0236", "name": "GO-2022-0236", "description": "Panic due to large headers in net/http and golang.org/x/net/http/httpguts", "aliases": [ "CVE-2021-31525", "GHSA-h86h-8ppg-mxmh" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0273", "name": "GO-2022-0273", "description": "Panic due to crafted inputs in archive/zip", "aliases": [ "CVE-2021-39293" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0274", "name": "GO-2022-0274", "description": "Namespace restriction bypass in github.com/opencontainers/runc", "aliases": [ "CVE-2021-43784", "GHSA-v95c-p5hm-xq8f" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0288", "name": "GO-2022-0288", "description": "Unbounded memory growth in net/http and golang.org/x/net/http2", "aliases": [ "CVE-2021-44716", "GHSA-vc3p-29h2-gpcp" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0289", "name": "GO-2022-0289", "description": "Misdirected I/O in syscall", "aliases": [ "CVE-2021-44717" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0322", "name": "GO-2022-0322", "description": "Uncontrolled resource consumption in github.com/prometheus/client_golang", "aliases": [ "CVE-2022-21698", "GHSA-cg3q-j54f-5p7p" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0433", "name": "GO-2022-0433", "description": "Stack overflow from a large amount of PEM data in encoding/pem", "aliases": [ "CVE-2022-24675" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0434", "name": "GO-2022-0434", "description": "Panic during certificate parsing on Darwin in crypto/x509", "aliases": [ "CVE-2022-27536" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0435", "name": "GO-2022-0435", "description": "Panic due to large inputs affecting P-256 curves in crypto/elliptic", "aliases": [ "CVE-2022-28327" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0477", "name": "GO-2022-0477", "description": "Indefinite hang with large buffers on Windows in crypto/rand", "aliases": [ "CVE-2022-30634" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0493", "name": "GO-2022-0493", "description": "Incorrect privilege reporting in syscall and golang.org/x/sys/unix", "aliases": [ "CVE-2022-29526", "GHSA-p782-xgp4-8hr8" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0515", "name": "GO-2022-0515", "description": "Stack exhaustion due to deeply nested types in go/parser", "aliases": [ "CVE-2022-1962" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0520", "name": "GO-2022-0520", "description": "Exposure of client IP addresses in net/http", "aliases": [ "CVE-2022-32148" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0521", "name": "GO-2022-0521", "description": "Stack exhaustion from deeply nested XML documents in encoding/xml", "aliases": [ "CVE-2022-28131" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0522", "name": "GO-2022-0522", "description": "Stack exhaustion on crafted paths in path/filepath", "aliases": [ "CVE-2022-30632" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0523", "name": "GO-2022-0523", "description": "Stack exhaustion when unmarshaling certain documents in encoding/xml", "aliases": [ "CVE-2022-30633" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0524", "name": "GO-2022-0524", "description": "Stack exhaustion when reading certain archives in compress/gzip", "aliases": [ "CVE-2022-30631" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0525", "name": "GO-2022-0525", "description": "Improper sanitization of Transfer-Encoding headers in net/http", "aliases": [ "CVE-2022-1705" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0526", "name": "GO-2022-0526", "description": "Stack exhaustion when decoding certain messages in encoding/gob", "aliases": [ "CVE-2022-30635" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0527", "name": "GO-2022-0527", "description": "Stack exhaustion in Glob on certain paths in io/fs", "aliases": [ "CVE-2022-30630" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0531", "name": "GO-2022-0531", "description": "Session tickets lack random ticket_age_add in crypto/tls", "aliases": [ "CVE-2022-30629" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0532", "name": "GO-2022-0532", "description": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows", "aliases": [ "CVE-2022-30580" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0533", "name": "GO-2022-0533", "description": "Path traversal via Clean on Windows in path/filepath", "aliases": [ "CVE-2022-29804" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0535", "name": "GO-2022-0535", "description": "Certificate validation bypass on Windows in crypto/x509", "aliases": [ "CVE-2020-0601" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0536", "name": "GO-2022-0536", "description": "Reset flood in net/http and golang.org/x/net/http", "aliases": [ "CVE-2019-9512", "CVE-2019-9514", "GHSA-39qc-96h7-956f", "GHSA-hgr8-6h9x-f7q9" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0537", "name": "GO-2022-0537", "description": "Panic when decoding Float and Rat types in math/big", "aliases": [ "CVE-2022-32189" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0603", "name": "GO-2022-0603", "description": "Panic in gopkg.in/yaml.v3", "aliases": [ "CVE-2022-28948", "GHSA-hp87-p4gw-j4gq" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0619", "name": "GO-2022-0619", "description": "Authorization bypass in github.com/emicklei/go-restful, go-restful/v2 and go-restful/v3", "aliases": [ "CVE-2022-1996", "GHSA-r48q-9g5r-8q2h" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0701", "name": "GO-2022-0701", "description": "Directory traversal in k8s.io/kubernetes", "aliases": [ "CVE-2015-5305", "GHSA-jp32-vmm6-3vf5" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0761", "name": "GO-2022-0761", "description": "Improper input validation in net/http and net/http/cgi", "aliases": [ "CVE-2016-5386" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0956", "name": "GO-2022-0956", "description": "Excessive resource consumption in gopkg.in/yaml.v2", "aliases": [ "CVE-2022-3064", "GHSA-6q6q-88xp-6f2r" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0965", "name": "GO-2022-0965", "description": "Unbounded recursion in JSON parsing in k8s.io/apimachinery", "aliases": [ "GHSA-74fp-r6jw-h4mp" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0968", "name": "GO-2022-0968", "description": "Panic on malformed packets in golang.org/x/crypto/ssh", "aliases": [ "CVE-2021-43565", "GHSA-gwc9-m7rh-j2ww" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0969", "name": "GO-2022-0969", "description": "Denial of service in net/http and golang.org/x/net/http2", "aliases": [ "CVE-2022-27664", "GHSA-69cg-p879-7622" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-0988", "name": "GO-2022-0988", "description": "Failure to strip relative path components in net/url", "aliases": [ "CVE-2022-32190" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1037", "name": "GO-2022-1037", "description": "Unbounded memory consumption when reading headers in archive/tar", "aliases": [ "CVE-2022-2879" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1038", "name": "GO-2022-1038", "description": "Incorrect sanitization of forwarded query parameters in net/http/httputil", "aliases": [ "CVE-2022-2880" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1039", "name": "GO-2022-1039", "description": "Memory exhaustion when compiling regular expressions in regexp/syntax", "aliases": [ "CVE-2022-41715" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1059", "name": "GO-2022-1059", "description": "Denial of service via crafted Accept-Language header in golang.org/x/text/language", "aliases": [ "CVE-2022-32149", "GHSA-69ch-w2m2-3vjp" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1095", "name": "GO-2022-1095", "description": "Unsanitized NUL in environment variables on Windows in syscall and os/exec", "aliases": [ "CVE-2022-41716" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1143", "name": "GO-2022-1143", "description": "Restricted file access on Windows in os and net/http", "aliases": [ "CVE-2022-41720" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2022-1144", "name": "GO-2022-1144", "description": "Excessive memory growth in net/http and golang.org/x/net/http2", "aliases": [ "CVE-2022-41717", "GHSA-xrjj-mj9h-534m" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1495", "name": "GO-2023-1495", "description": "Request smuggling due to improper request handling in golang.org/x/net/http2/h2c", "aliases": [ "CVE-2022-41721", "GHSA-fxg5-wq6x-vr4w" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1546", "name": "GO-2023-1546", "description": "Denial of service in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "aliases": [ "CVE-2023-25151", "GHSA-5r5m-65gx-7vrh" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1568", "name": "GO-2023-1568", "description": "Path traversal on Windows in path/filepath", "aliases": [ "CVE-2022-41722" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1569", "name": "GO-2023-1569", "description": "Excessive resource consumption in mime/multipart", "aliases": [ "CVE-2022-41725" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1570", "name": "GO-2023-1570", "description": "Panic on large handshake records in crypto/tls", "aliases": [ "CVE-2022-41724" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1571", "name": "GO-2023-1571", "description": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "aliases": [ "CVE-2022-41723", "GHSA-vvpx-j8f3-3w6h" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1621", "name": "GO-2023-1621", "description": "Incorrect calculation on P256 curves in crypto/internal/nistec", "aliases": [ "CVE-2023-24532" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1631", "name": "GO-2023-1631", "description": "Panic when parsing invalid messages in google.golang.org/protobuf", "aliases": [ "CVE-2023-24535", "GHSA-hw7c-3rfg-p46j" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1702", "name": "GO-2023-1702", "description": "Infinite loop in parsing in go/scanner", "aliases": [ "CVE-2023-24537" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1703", "name": "GO-2023-1703", "description": "Backticks not treated as string delimiters in html/template", "aliases": [ "CVE-2023-24538" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1704", "name": "GO-2023-1704", "description": "Excessive memory allocation in net/http and net/textproto", "aliases": [ "CVE-2023-24534" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1705", "name": "GO-2023-1705", "description": "Excessive resource consumption in net/http, net/textproto and mime/multipart", "aliases": [ "CVE-2023-24536" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1751", "name": "GO-2023-1751", "description": "Improper sanitization of CSS values in html/template", "aliases": [ "CVE-2023-24539" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1752", "name": "GO-2023-1752", "description": "Improper handling of JavaScript whitespace in html/template", "aliases": [ "CVE-2023-24540" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1753", "name": "GO-2023-1753", "description": "Improper handling of empty HTML attributes in html/template", "aliases": [ "CVE-2023-29400" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1840", "name": "GO-2023-1840", "description": "Unsafe behavior in setuid/setgid binaries in runtime", "aliases": [ "CVE-2023-29403" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1878", "name": "GO-2023-1878", "description": "Insufficient sanitization of Host header in net/http", "aliases": [ "CVE-2023-29406" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1987", "name": "GO-2023-1987", "description": "Large RSA keys can cause high CPU usage in crypto/tls", "aliases": [ "CVE-2023-29409" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1988", "name": "GO-2023-1988", "description": "Improper rendering of text nodes in golang.org/x/net/html", "aliases": [ "CVE-2023-3978", "GHSA-2wrh-6pvc-2jm9" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-1992", "name": "GO-2023-1992", "description": "Misleading message verification in golang.org/x/crypto/openpgp/clearsign", "aliases": [ "CVE-2019-11841", "GHSA-x3jr-pf6g-c48f" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2041", "name": "GO-2023-2041", "description": "Improper handling of HTML-like comments in script contexts in html/template", "aliases": [ "CVE-2023-39318" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2043", "name": "GO-2023-2043", "description": "Improper handling of special tags within script contexts in html/template", "aliases": [ "CVE-2023-39319" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2044", "name": "GO-2023-2044", "description": "Panic when processing post-handshake message on QUIC connections in crypto/tls", "aliases": [ "CVE-2023-39321" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2045", "name": "GO-2023-2045", "description": "Memory exhaustion in QUIC connection handling in crypto/tls", "aliases": [ "CVE-2023-39322" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2048", "name": "GO-2023-2048", "description": "Paths outside of the rootfs could be produced on Windows in github.com/cyphar/filepath-securejoin", "aliases": [ "GHSA-6xv5-86q9-7xr8" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2102", "name": "GO-2023-2102", "description": "HTTP/2 rapid reset can cause excessive work in net/http", "aliases": [ "CVE-2023-39325", "GHSA-4374-p667-p6c8" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2113", "name": "GO-2023-2113", "description": "Memory exhaustion in go.opentelemetry.io/contrib/instrumentation", "aliases": [ "CVE-2023-45142", "GHSA-rcjv-mgp8-qvmr" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2153", "name": "GO-2023-2153", "description": "Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc", "aliases": [ "GHSA-m425-mq94-257g" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2185", "name": "GO-2023-2185", "description": "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", "aliases": [ "CVE-2023-45283" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2186", "name": "GO-2023-2186", "description": "Incorrect detection of reserved device names on Windows in path/filepath", "aliases": [ "CVE-2023-45284" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2331", "name": "GO-2023-2331", "description": "Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "aliases": [ "CVE-2023-47108", "GHSA-8pgv-569h-w5rw" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2375", "name": "GO-2023-2375", "description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "aliases": [ "CVE-2023-45287" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2382", "name": "GO-2023-2382", "description": "Denial of service via chunk extensions in net/http", "aliases": [ "CVE-2023-39326" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2023-2402", "name": "GO-2023-2402", "description": "Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto", "aliases": [ "CVE-2023-48795", "GHSA-45x7-px36-x8w8" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2491", "name": "GO-2024-2491", "description": "runc vulnerable to container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc", "aliases": [ "CVE-2024-21626", "GHSA-xr7r-f8xq-vfvv" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2527", "name": "GO-2024-2527", "description": "Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3", "aliases": [ "GHSA-5x4g-q5rc-36jp" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "affected" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2598", "name": "GO-2024-2598", "description": "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "aliases": [ "CVE-2024-24783" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2599", "name": "GO-2024-2599", "description": "Memory exhaustion in multipart form parsing in net/textproto and net/http", "aliases": [ "CVE-2023-45290" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2600", "name": "GO-2024-2600", "description": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "aliases": [ "CVE-2023-45289" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2609", "name": "GO-2024-2609", "description": "Comments in display names are incorrectly handled in net/mail", "aliases": [ "CVE-2024-24784" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2610", "name": "GO-2024-2610", "description": "Errors returned from JSON marshaling may break template escaping in html/template", "aliases": [ "CVE-2024-24785" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2611", "name": "GO-2024-2611", "description": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf", "aliases": [ "CVE-2024-24786", "GHSA-8r3f-844c-mc37" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2631", "name": "GO-2024-2631", "description": "Decompression bomb vulnerability in github.com/go-jose/go-jose", "aliases": [ "CVE-2024-28180", "GHSA-c5q2-7r4c-mv6g" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "affected" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2687", "name": "GO-2024-2687", "description": "HTTP/2 CONTINUATION flood in net/http", "aliases": [ "CVE-2023-45288", "GHSA-4v7x-pqxf-cx7m" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2746", "name": "GO-2024-2746", "description": "Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes", "aliases": [ "CVE-2024-3177", "GHSA-pxhw-596r-rwq5" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2748", "name": "GO-2024-2748", "description": "Privilege Escalation in Kubernetes in k8s.io/apimachinery", "aliases": [ "CVE-2020-8559", "GHSA-33c5-9fx5-fvjm" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2753", "name": "GO-2024-2753", "description": "Denial of service in Kubernetes in k8s.io/kubernetes", "aliases": [ "CVE-2020-8557", "GHSA-55qj-gj3x-jq9r" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2754", "name": "GO-2024-2754", "description": "Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes", "aliases": [ "CVE-2020-8566", "GHSA-5x96-j797-5qqw" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2755", "name": "GO-2024-2755", "description": "Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes", "aliases": [ "CVE-2020-8563", "GHSA-5xfg-wv98-264m" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2780", "name": "GO-2024-2780", "description": "Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes", "aliases": [ "CVE-2019-11245", "GHSA-r76g-g87f-vw8f" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2824", "name": "GO-2024-2824", "description": "Malformed DNS message can cause infinite loop in net", "aliases": [ "CVE-2024-24788" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2887", "name": "GO-2024-2887", "description": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "aliases": [ "CVE-2024-24790" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { "@id": "https://pkg.go.dev/vuln/GO-2024-2888", "name": "GO-2024-2888", "description": "Mishandling of corrupt central directory record in archive/zip", "aliases": [ "CVE-2024-24789" ] }, "products": [ { "@id": "Unknown Product" } ], "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" } ] }