Description
openedon Aug 27, 2024
sonatype-2023-1010 The github.com/microsoft/go-mssqldb package is vulnerable to Buffer Overflow attacks. The readPLPType() function in the types.go file uses the size defined by an RPC message for the read buffer instead of a fixed buffer size when handling PLP types. An attacker can exploit this behavior by supplying a specially-crafted message that would cause a large memory allocation leading to memory corruption, an application crash or other unexpected behavior.
sonatype-2021-4899 The gorilla/sessions package is vulnerable due to Insufficient Session Expiration. The library allows for the creation of session cookies with the NewCookieStore() function in store.go. However, there is no mechanism available for invalidating user sessions once they have been created in this way. The documentation instructs users to set the MaxAge attribute of a cookie to -1 using the MaxAge() function in order to invalidate the session associated with it. However, this does not invalidate the users session on the server. A malicious user who is able to retrieve the value of a users' session cookie through a Cross-Site Scripting (XSS) attack, a Man-in-the-Middle (MitM) attack, or by some other means, will be able to use that session cookie to impersonate the user even after that user has logged out.