Commit

add 1.19 and another 1.18 cve entry to the go vex document
danbudris committed Sep 26, 2023
1 parent 79d4579 commit e8a9a97
Showing 1 changed file with 66 additions and 0 deletions.
Expand Up @@ -96,6 +96,72 @@
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41723"
}
]
},
{
"cve": "CVE-2022-41724",
"notes": [
{
"category": "description",
"text": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"eks-distro-golang:v1-18-10-eks-8"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41724"
}
]
},
{
"cve": "CVE-2023-39318",
"notes": [
{
"category": "description",
"text": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"eks-distro-golang:v1-19-12-eks-10"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-39318"
}
]
},
{
"cve": "CVE-2023-39319",
"notes": [
{
"category": "description",
"text": "The html/template package does not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"eks-distro-golang:v1-19-12-eks-10"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-39319"
}
]
}
]
}
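
Review bot: In the CVE-2023-39319 entry, the reference summary reads "NVD - CVE-2023-39318" while its url points to cve-2023-39319. This looks like a leftover from copying the previous entry, and the summary should read "NVD - CVE-2023-39319" so that the label and the link agree. Separately, the CVE-2023-39318 description quotes an empty string ("HTML-like \"\" comment tokens"), so the text never names the comment tokens it refers to. Compare it with the NVD entry linked in that block and restore the missing token text, escaped as needed for JSON, before merging.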
