CVE-2023-39326 - Exploiting HTTP Chunk Extensions in Go net/http – Vulnerability Explained
In the world of web development, the Go programming language is well-known for its powerful and reliable net/http package, which forms the backbone of
CVE-2023-45283 - How the Go `filepath` Package Let Windows Paths Go Rogue (And What Was Fixed)
In late 2023, a security vulnerability was discovered in Go’s standard library—specifically in the filepath package. Known as CVE-2023-45283, this bug affected how
CVE-2023-39322 - Exploiting Unbounded Memory Growth in QUIC Connections
In 2023, a significant vulnerability (CVE-2023-39322) was found in how QUIC connections handle incoming post-handshake messages. The bug allows a malicious client or server to
CVE-2023-39321 - How a Broken QUIC Post-Handshake Message Causes a Panic (With Exploit and Fixes)
If you’re using the QUIC protocol in your applications through the popular Go library quic-go, there’s an important vulnerability you need to know
CVE-2023-39318 - How a Simple Script Comment in Go html/template Leads to XSS Exploits
If you work with Go web applications, you've probably used Go's standard library html/template for safe dynamic HTML. It'