Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/golang-go.crypto@1:0.0~git20161012.0.5f31782-1~bpo8%2B1
Typedeb
Namespacedebian
Namegolang-go.crypto
Version1:0.0~git20161012.0.5f31782-1~bpo8+1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1:0.25.0-1~bpo12+1
Latest_non_vulnerable_version1:0.43.0-2
Affected_by_vulnerabilities
0
url VCID-37zk-9fax-v7e1
vulnerability_id VCID-37zk-9fax-v7e1
summary 
Improper Verification of Cryptographic Signature in golang.org/x/crypto
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
references
0
reference_url http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9283
reference_id
reference_type
scores
0
value 0.18682
scoring_system epss
scoring_elements 0.95285
published_at 2026-04-16T12:55:00Z
1
value 0.18682
scoring_system epss
scoring_elements 0.95277
published_at 2026-04-13T12:55:00Z
2
value 0.18682
scoring_system epss
scoring_elements 0.95275
published_at 2026-04-12T12:55:00Z
3
value 0.18682
scoring_system epss
scoring_elements 0.95274
published_at 2026-04-11T12:55:00Z
4
value 0.18682
scoring_system epss
scoring_elements 0.95269
published_at 2026-04-09T12:55:00Z
5
value 0.18682
scoring_system epss
scoring_elements 0.95266
published_at 2026-04-08T12:55:00Z
6
value 0.18682
scoring_system epss
scoring_elements 0.95259
published_at 2026-04-07T12:55:00Z
7
value 0.18682
scoring_system epss
scoring_elements 0.95254
published_at 2026-04-04T12:55:00Z
8
value 0.18682
scoring_system epss
scoring_elements 0.95251
published_at 2026-04-02T12:55:00Z
9
value 0.18682
scoring_system epss
scoring_elements 0.95239
published_at 2026-04-01T12:55:00Z
10
value 0.18682
scoring_system epss
scoring_elements 0.9529
published_at 2026-04-18T12:55:00Z
11
value 0.18682
scoring_system epss
scoring_elements 0.95292
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9283
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
4
reference_url https://github.com/golang/crypto
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto
5
reference_url https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
6
reference_url https://go.dev/cl/220357
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/220357
7
reference_url https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
8
reference_url https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
9
reference_url https://groups.google.com/g/golang-announce/c/3L45YRc91SY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/3L45YRc91SY
10
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
11
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9283
14
reference_url https://pkg.go.dev/vuln/GO-2020-0012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0012
15
reference_url https://www.exploit-db.com/exploits/48121
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/48121
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1804533
reference_id 1804533
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1804533
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
reference_id 952462
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
reference_id CVE-2020-9283
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
19
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
20
reference_url https://access.redhat.com/errata/RHSA-2020:2413
reference_id RHSA-2020:2413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2413
21
reference_url https://access.redhat.com/errata/RHSA-2020:2789
reference_id RHSA-2020:2789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2789
22
reference_url https://access.redhat.com/errata/RHSA-2020:2790
reference_id RHSA-2020:2790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2790
23
reference_url https://access.redhat.com/errata/RHSA-2020:2793
reference_id RHSA-2020:2793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2793
24
reference_url https://access.redhat.com/errata/RHSA-2020:2878
reference_id RHSA-2020:2878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2878
25
reference_url https://access.redhat.com/errata/RHSA-2020:3078
reference_id RHSA-2020:3078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3078
26
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
27
reference_url https://access.redhat.com/errata/RHSA-2020:3370
reference_id RHSA-2020:3370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3370
28
reference_url https://access.redhat.com/errata/RHSA-2020:3372
reference_id RHSA-2020:3372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3372
29
reference_url https://access.redhat.com/errata/RHSA-2020:3414
reference_id RHSA-2020:3414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3414
30
reference_url https://access.redhat.com/errata/RHSA-2020:3809
reference_id RHSA-2020:3809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3809
31
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
32
reference_url https://access.redhat.com/errata/RHSA-2021:1129
reference_id RHSA-2021:1129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1129
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
aliases CVE-2020-9283, GHSA-ffhg-7mh4-33c4
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37zk-9fax-v7e1
1
url VCID-3tpx-rnju-w3dw
vulnerability_id VCID-3tpx-rnju-w3dw
summary 
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

### Specific Go Packages Affected
golang.org/x/crypto/salsa20/salsa
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
reference_id
reference_type
scores
0
value 0.02086
scoring_system epss
scoring_elements 0.84038
published_at 2026-04-21T12:55:00Z
1
value 0.02086
scoring_system epss
scoring_elements 0.84037
published_at 2026-04-18T12:55:00Z
2
value 0.02086
scoring_system epss
scoring_elements 0.84035
published_at 2026-04-16T12:55:00Z
3
value 0.02086
scoring_system epss
scoring_elements 0.84011
published_at 2026-04-13T12:55:00Z
4
value 0.02086
scoring_system epss
scoring_elements 0.84015
published_at 2026-04-12T12:55:00Z
5
value 0.02086
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-11T12:55:00Z
6
value 0.02086
scoring_system epss
scoring_elements 0.84006
published_at 2026-04-09T12:55:00Z
7
value 0.02086
scoring_system epss
scoring_elements 0.83999
published_at 2026-04-08T12:55:00Z
8
value 0.02086
scoring_system epss
scoring_elements 0.83976
published_at 2026-04-07T12:55:00Z
9
value 0.02705
scoring_system epss
scoring_elements 0.85853
published_at 2026-04-04T12:55:00Z
10
value 0.02705
scoring_system epss
scoring_elements 0.85835
published_at 2026-04-02T12:55:00Z
11
value 0.02705
scoring_system epss
scoring_elements 0.85824
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
4
reference_url https://github.com/golang/go
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go
5
reference_url https://github.com/golang/go/issues/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/30965
6
reference_url https://go.dev/cl/168406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/168406
7
reference_url https://go.dev/issue/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/30965
8
reference_url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
9
reference_url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
10
reference_url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
11
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
13
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
14
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
15
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
16
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
18
reference_url https://pkg.go.dev/vuln/GO-2022-0209
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0209
19
reference_url https://access.redhat.com/errata/RHSA-2021:0079
reference_id RHSA-2021:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0079
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
aliases CVE-2019-11840, GHSA-r5c5-pr8j-pfp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpx-rnju-w3dw
2
url VCID-andp-4snd-rbbt
vulnerability_id VCID-andp-4snd-rbbt
summary 
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the `gssapi-with-mic` method which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29652
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08771
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08618
published_at 2026-04-18T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08757
published_at 2026-04-12T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08629
published_at 2026-04-16T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.08742
published_at 2026-04-13T12:55:00Z
5
value 0.00031
scoring_system epss
scoring_elements 0.08674
published_at 2026-04-01T12:55:00Z
6
value 0.00031
scoring_system epss
scoring_elements 0.08702
published_at 2026-04-02T12:55:00Z
7
value 0.00031
scoring_system epss
scoring_elements 0.0875
published_at 2026-04-04T12:55:00Z
8
value 0.00031
scoring_system epss
scoring_elements 0.08675
published_at 2026-04-07T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08751
published_at 2026-04-08T12:55:00Z
10
value 0.00031
scoring_system epss
scoring_elements 0.08777
published_at 2026-04-09T12:55:00Z
11
value 0.00031
scoring_system epss
scoring_elements 0.08779
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29652
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
3
reference_url https://go.dev/cl/278852
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/278852
4
reference_url https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8
5
reference_url https://go-review.googlesource.com/c/crypto/+/278852
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go-review.googlesource.com/c/crypto/+/278852
6
reference_url https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
7
reference_url https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29652
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29652
9
reference_url https://pkg.go.dev/vuln/GO-2021-0227
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2021-0227
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1908883
reference_id 1908883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1908883
11
reference_url https://access.redhat.com/errata/RHSA-2020:5633
reference_id RHSA-2020:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5633
12
reference_url https://access.redhat.com/errata/RHSA-2021:1796
reference_id RHSA-2021:1796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1796
13
reference_url https://access.redhat.com/errata/RHSA-2021:2920
reference_id RHSA-2021:2920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2920
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
aliases CVE-2020-29652, GHSA-3vm4-22fp-5rfm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-andp-4snd-rbbt
3
url VCID-t5dk-qg2g-3qhp
vulnerability_id VCID-t5dk-qg2g-3qhp
summary 
golang.org/x/crypto/ssh Man-in-the-Middle attack
The Go SSH library (golang.org/x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks if ClientConfig.HostKeyCallback is not set. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-3204
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.63793
published_at 2026-04-21T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.63778
published_at 2026-04-08T12:55:00Z
2
value 0.00453
scoring_system epss
scoring_elements 0.63806
published_at 2026-04-18T12:55:00Z
3
value 0.00453
scoring_system epss
scoring_elements 0.63797
published_at 2026-04-16T12:55:00Z
4
value 0.00453
scoring_system epss
scoring_elements 0.63761
published_at 2026-04-13T12:55:00Z
5
value 0.00453
scoring_system epss
scoring_elements 0.63794
published_at 2026-04-12T12:55:00Z
6
value 0.00453
scoring_system epss
scoring_elements 0.63808
published_at 2026-04-11T12:55:00Z
7
value 0.00453
scoring_system epss
scoring_elements 0.63795
published_at 2026-04-09T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.6368
published_at 2026-04-01T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.6374
published_at 2026-04-02T12:55:00Z
10
value 0.00453
scoring_system epss
scoring_elements 0.63766
published_at 2026-04-04T12:55:00Z
11
value 0.00453
scoring_system epss
scoring_elements 0.63726
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-3204
2
reference_url https://bridge.grumpy-troll.org/2017/04/golang-ssh-security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bridge.grumpy-troll.org/2017/04/golang-ssh-security
3
reference_url https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/
reference_id
reference_type
scores
url https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3204
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3204
5
reference_url https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
6
reference_url https://github.com/golang/go/issues/19767
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/19767
7
reference_url https://go.dev/cl/340830
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/340830
8
reference_url https://go.dev/cl/38701
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/38701
9
reference_url https://go.dev/issue/19767
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/19767
10
reference_url https://godoc.org/golang.org/x/crypto/ssh
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://godoc.org/golang.org/x/crypto/ssh
11
reference_url https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-3204
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-3204
13
reference_url https://pkg.go.dev/vuln/GO-2020-0013
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0013
14
reference_url https://web.archive.org/web/20170423080311/https://www.securityfocus.com/bid/97481
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170423080311/https://www.securityfocus.com/bid/97481
15
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3204
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3204
16
reference_url http://www.securityfocus.com/bid/97481
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97481
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1439748
reference_id 1439748
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1439748
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655
reference_id 859655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%2BREALLY.0.0~git20161012.0.5f31782-1
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%2BREALLY.0.0~git20161012.0.5f31782-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37zk-9fax-v7e1
1
vulnerability VCID-3tpx-rnju-w3dw
2
vulnerability VCID-andp-4snd-rbbt
3
vulnerability VCID-zvd3-3b1h-77ef
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%252BREALLY.0.0~git20161012.0.5f31782-1
aliases CVE-2017-3204, GHSA-xhjq-w7xm-p8qj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5dk-qg2g-3qhp
4
url VCID-zvd3-3b1h-77ef
vulnerability_id VCID-zvd3-3b1h-77ef
summary 
Golang/x/crypto message forgery vulnerability
A message-forgery issue was discovered in `crypto/openpgp/clearsign/clearsign.go` in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
references
0
reference_url http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11841
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60586
published_at 2026-04-16T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60545
published_at 2026-04-13T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60525
published_at 2026-04-04T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60592
published_at 2026-04-18T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60566
published_at 2026-04-12T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.6058
published_at 2026-04-21T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60559
published_at 2026-04-09T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60543
published_at 2026-04-08T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60494
published_at 2026-04-07T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60423
published_at 2026-04-01T12:55:00Z
10
value 0.00397
scoring_system epss
scoring_elements 0.60498
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11841
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841
3
reference_url https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442
4
reference_url https://github.com/golang/crypto/tree/master/openpgp/clearsign
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/tree/master/openpgp/clearsign
5
reference_url https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
6
reference_url https://go-review.git.corp.google.com/c/crypto/+/173778
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go-review.git.corp.google.com/c/crypto/+/173778
7
reference_url https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ
8
reference_url https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html
9
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11841
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11841
12
reference_url https://pkg.go.dev/vuln/GO-2023-1992
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2023-1992
13
reference_url https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1
aliases CVE-2019-11841, GHSA-x3jr-pf6g-c48f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvd3-3b1h-77ef
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20161012.0.5f31782-1~bpo8%252B1