FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-08 09:03:38 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
beb36f39-4d74-11ee-985e-bff341e78d94	go -- multiple vulnerabilities The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. html/template: improper handling of HTML-like comments within script contexts The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "#!" comment tokens, in

VuXML ID

Description

beb36f39-4d74-11ee-985e-bff341e78d94

go -- multiple vulnerabilities

The Go project reports:

cmd/go: go.mod toolchain directive allows arbitrary execution

The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

html/template: improper handling of HTML-like comments within script contexts

The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "#!" comment tokens, in