Vulnerable Library - k8s.io/apimachinery-v0.24.4
Found in HEAD commit: a48a4128f4f8f15392a854ed91698031d4a31bd5
Vulnerabilities
Details
CVE-2022-30633
Vulnerable Library - github.com/golang/net-cd36cc0744dd695657988f15f08446dc81e16efc
[mirror] Go supplementary network libraries
Dependency Hierarchy:
Found in HEAD commit: a48a4128f4f8f15392a854ed91698031d4a31bd5
Found in base branch: main
Vulnerability Details
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
Publish Date: 2022-08-10
URL: CVE-2022-30633
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2022-30633
Release Date: 2022-05-13
Fix Resolution: go1.17.12,go1.18.4
CVE-2022-28131
Vulnerable Library - github.com/golang/net-cd36cc0744dd695657988f15f08446dc81e16efc
[mirror] Go supplementary network libraries
Dependency Hierarchy:
Found in HEAD commit: a48a4128f4f8f15392a854ed91698031d4a31bd5
Found in base branch: main
Vulnerability Details
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
Publish Date: 2022-08-10
URL: CVE-2022-28131
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2022-28131
Release Date: 2022-03-29
Fix Resolution: go1.17.12,go1.18.4