FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 78f2e491-312d-11ee-85f2-bd89b893fcb4
Description: go -- multiple vulnerabilities

The Go project reports:

crypto/tls: restrict RSA keys in certificates to <= 8192 bits

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits.

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

cmd/go: cgo code injection

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo.

runtime: unexpected behavior of setuid/setgid binaries

The Go runtime didn't act any differently when a binary had the setuid/setgid bit set. On Unix platforms, if a setuid/setgid binary was executed with standard I/O file descriptors closed, opening any files could result in unexpected content being read/written with elevated privileges. Similarly if a setuid/setgid program was terminated, either via panic or signal, it could leak the contents of its registers.

cmd/go: improper sanitization of LDFLAGS

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive.

html/template: improper sanitization of CSS values

Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

html/template: improper handling of JavaScript whitespace

Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

html/template: improper handling of empty HTML attributes

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input could result in output that would have unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.


Discovery: 2023-04-27
Entry: 2023-08-02

Affected packages:
go119 < 1.19.12
go120 < 1.20.7

References:
CVE-2023-29406
CVE-2023-29402
CVE-2023-29403
CVE-2023-29404
CVE-2023-24539
CVE-2023-24540
CVE-2023-29400
https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI
https://groups.google.com/u/1/g/golang-announce/c/2q13H6LEEx0
https://groups.google.com/u/1/g/golang-announce/c/q5135a9d924
https://groups.google.com/u/1/g/golang-announce/c/MEb0UyuSMsU

VuXML ID: beb36f39-4d74-11ee-985e-bff341e78d94
Description: go -- multiple vulnerabilities

The Go project reports:

cmd/go: go.mod toolchain directive allows arbitrary execution

The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

html/template: improper handling of HTML-like comments within script contexts

The html/template package did not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in