CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
13.2%
The golang package vulnerability is related to errors returned from MarshalJSON methods containing data,
controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely,
exploit these errors to disrupt the contextual behavior of the automatic output of the package
html/template.
A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of service data protection.
data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information.
confidential information
A vulnerability in the golang package of the Debian GNU/Linux operating system is related to an exception handling flaw.
exceptions. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service (DoS).
denial of service (DoS)
A vulnerability in the golang package of the Debian GNU/Linux operating system is related to uncontrolled resource consumption.
resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service (DoS).
denial of service (DoS)
Vulnerability of net/http and net/http2 libraries of Go programming language (in terms of implementation of HTTP/2 protocol) is related to uncontrolled resource consumption.
HTTP/2) is related to uncontrolled resource consumption as a result of incorrect definition of the end of the
header when processing CONTINUATION frames. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service