CVE-2022-28131 (High) detected in third_party-gogo1.11beta1 #266

mend-for-github-com · 2022-07-18T02:02:20Z

CVE-2022-28131 - High Severity Vulnerability

Vulnerable Library - third_party-gogo1.11beta1

0

Library home page: https://github.com/fuchsia-mirror/third_party-go.git

Vulnerable Source Files (1)

/vendor/golang.org/x/net/webdav/internal/xml/read.go

Vulnerability Details

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

Publish Date: 2022-08-10

URL: CVE-2022-28131

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-28131

Release Date: 2022-03-29

Fix Resolution: go1.17.12,go1.18.4

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jul 18, 2022

mend-for-github-com bot changed the title ~~CVE-2022-28131 (Medium) detected in third_party-gogo1.11beta1~~ CVE-2022-28131 (High) detected in third_party-gogo1.11beta1 Sep 12, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-28131 (High) detected in third_party-gogo1.11beta1 #266

CVE-2022-28131 (High) detected in third_party-gogo1.11beta1 #266

mend-for-github-com bot commented Jul 18, 2022 •

edited

CVE-2022-28131 (High) detected in third_party-gogo1.11beta1 #266

CVE-2022-28131 (High) detected in third_party-gogo1.11beta1 #266

Comments

mend-for-github-com bot commented Jul 18, 2022 • edited

CVE-2022-28131 - High Severity Vulnerability

mend-for-github-com bot commented Jul 18, 2022 •

edited