| Bug | Description |
|---|
| CVE-2024-34158 | Calling Parse on a "// +build" build tag line with deeply nested expre ... |
| CVE-2024-34156 | Calling Decoder.Decode on a message which contains deeply nested struc ... |
| CVE-2024-34155 | Calling any of the Parse functions on Go source code which contains de ... |
| CVE-2024-24791 | The net/http HTTP/1.1 client mishandled the case where a server respon ... |
| CVE-2024-24790 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as ex ... |
| CVE-2024-24789 | The archive/zip package's handling of certain types of invalid zip fil ... |
| CVE-2024-24788 | A malformed DNS message in response to a query can cause the Lookup fu ... |
| CVE-2024-24787 | On Darwin, building a Go module which contains CGO can trigger arbitra ... |
| CVE-2024-24785 | If errors returned from MarshalJSON methods contain user controlled da ... |
| CVE-2024-24784 | The ParseAddressList function incorrectly handles comments (text withi ... |
| CVE-2024-24783 | Verifying a certificate chain which contains a certificate with an unk ... |
| CVE-2023-45290 | When parsing a multipart form (either explicitly with Request.ParseMul ... |
| CVE-2023-45289 | When following an HTTP redirect to a domain which is not a subdomain m ... |
| CVE-2023-45288 | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ... |