Go Vulnerabilities

This vulnerability allows an attacker to manipulate the X-Forwarded-For header, potentially exposing the true client IP address when using the Go ReverseProxy feature. It occurs if the header is set to a nil value, which can happen in certain configurations before specific versions of Go are used.

An attacker can cause a program using certain versions of Go to crash by sending it a message with deeply nested data structures, which overwhelms the system's memory. This vulnerability requires the attacker to be able to send specially crafted messages to the affected application.

An attacker can crash a Go application by sending a specially crafted XML document that causes excessive nesting in the data structure being processed. This vulnerability affects versions of Go before 1.17.12 and 1.18.4, and it requires the application to use the 'any' field tag in its data structures.

An attacker can crash a Go application by sending it a specially crafted file path with many separators, which causes the program to run out of memory and stop working. This issue affects versions of Go before 1.17.12 and 1.18.4, so using an outdated version increases the risk.

This vulnerability allows an attacker to track users' connections by observing the ages of session tickets during secure connections, which can help them link multiple sessions together. However, the attacker needs to be able to watch the TLS handshakes happening between the user and the server to exploit this weakness.

This vulnerability allows an attacker to execute malicious binaries in the working directory if they are named with the extensions "..com" or "..exe" when certain commands are run without specifying a path. This can happen in specific versions of Go when using functions that start or run commands, making it crucial for users to ensure they set the command path properly to avoid exploitation.

An attacker can exploit this vulnerability to crash a Go application by sending it deeply nested types or declarations, which can overwhelm the system's memory. This issue affects specific versions of Go before updates were released, so using an outdated version increases the risk.

This vulnerability allows an attacker to sneak malicious requests past a server by exploiting certain invalid headers in HTTP requests, but it only works if there’s an intermediate server that also fails to properly reject those headers. To be successful, the attacker needs to carefully craft the requests and rely on the misconfiguration of the servers involved.