You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 22, 2022. It is now read-only.
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
Fast linters Runner for Go
Found in HEAD commit: 669793d8de1d48ad154501cdf5541f7589c6003b
Vulnerabilities
Details
Vulnerable Library - github.com/golangci/golangci-lint-v1.23.8
Fast linters Runner for Go
Dependency Hierarchy:
Found in HEAD commit: 669793d8de1d48ad154501cdf5541f7589c6003b
Found in base branch: improbable
Vulnerability Details
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
Publish Date: 2020-06-17
URL: CVE-2020-14040
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GO-2020-0015
Release Date: 2020-06-17
Fix Resolution: v0.3.3
Vulnerable Library - github.com/golangci/golangci-lint-v1.23.8
Fast linters Runner for Go
Dependency Hierarchy:
Found in HEAD commit: 669793d8de1d48ad154501cdf5541f7589c6003b
Found in base branch: improbable
Vulnerability Details
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
Publish Date: 2020-04-01
URL: CVE-2019-11254
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/go-yaml/yaml/tree/v2.2.8
Release Date: 2020-04-01
Fix Resolution: v2.2.8