Golang : Security Vulnerabilities, CVEs, (Information Leak) CVSS score >= 6
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
Max CVSS: 6.5
EPSS Score: 0.16%
Published: 2022-08-10
Updated: 2023-03-02
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
Max CVSS: 7.5
EPSS Score: 0.55%
Published: 2016-01-27
Updated: 2018-10-30
2 vulnerabilities found