目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1325 CNY

100%
コーヒーを一杯おごる

golang.org/x/net 厂商漏洞列表 / CVE 中文分析 14

golang.org/x/net 厂商相关 14 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Go语言官方扩展网络库,提供HTTP、WebSocket、DNS等核心网络功能。历史上曾曝出RCE、XSS、内存泄漏等漏洞,其中HTTP请求走私和DNS解析缺陷较为常见。2021年修复的CVE-2021-31220允许通过恶意WebSocket服务器导致客户端崩溃,而CVE-2022-41717则涉及HTTP/2拒绝服务问题。该库作为Go生态基础组件,其安全性直接影响大量Go应用。

上位製品 golang.org/x/net: golang.org/x/net/html golang.org/x/net/http2 golang.org/x/net/http2/h2c golang.org/x/net/idna
CVE IDタイトルCVSS深刻度公開日
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html — golang.org/x/net/html--2026-05-22
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html — golang.org/x/net/html--2026-05-22
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html — golang.org/x/net/html--2026-05-22
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html — golang.org/x/net/html--2026-05-22
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html — golang.org/x/net/html--2026-05-22
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna — golang.org/x/net/idna--2026-05-22
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net — golang.org/x/net/http2 7.5AIHighAI2026-05-07
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net — golang.org/x/net/http2 7.5AIHighAI2026-02-26
CVE-2025-58190 Infinite parsing loop in golang.org/x/net — golang.org/x/net/html 6.5AIMediumAI2026-02-05
CVE-2025-47911 Quadratic parsing complexity in golang.org/x/net/html — golang.org/x/net/html 6.5AIMediumAI2026-02-05
CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net — golang.org/x/net/html 5.0AIMediumAI2025-04-16
CVE-2024-45338 Non-linear parsing of case-insensitive content in golang.org/x/net/html — golang.org/x/net/html 7.5 -2024-12-18
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html — golang.org/x/net/html 6.1 -2023-08-02
CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c — golang.org/x/net/http2/h2c 7.5 -2023-01-13

本页汇总了 golang.org/x/net 厂商截至目前公开的全部 14 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。