I recently noticed that the Go team has released its own new tool for vulnerability management. It tells you about reported vulnerabilities and which version you should upgrade to.

Version requirement: Go 1.18

    go install golang.org/x/vuln/cmd/govulncheck@latest

Change into the project directory and run:

    govulncheck ./...

The output looks like this:
    Scanning your code and 470 packages across 91 dependent modules for known vulnerabilities...

    Vulnerability #1: GO-2023-2043
        Improper handling of special tags within script contexts in html/template
      More info: https://pkg.go.dev/vuln/GO-2023-2043
      Standard library
        Found in: html/template@go1.20
        Fixed in: html/template@go1.21.1
        Example traces found:
          #1: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve, which eventually calls template.Template.Execute
          #2: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

    Vulnerability #2: GO-2023-2041
        Improper handling of HTML-like comments in script contexts in html/template
      More info: https://pkg.go.dev/vuln/GO-2023-2041
      Standard library
        Found in: html/template@go1.20
        Fixed in: html/template@go1.21.1
        Example traces found:
          #1: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve, which eventually calls template.Template.Execute
          #2: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

    Vulnerability #3: GO-2023-1987
        Large RSA keys can cause high CPU usage in crypto/tls
      More info: https://pkg.go.dev/vuln/GO-2023-1987
      Standard library
        Found in: crypto/tls@go1.20
        Fixed in: crypto/tls@go1.21rc4
        Example traces found:
          #1: pkg/gredis/redis.go:22:24: gredis.Setup calls redis.Dial, which calls tls.Conn.Handshake
          #2: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve, which eventually calls tls.Conn.HandshakeContext
          #3: pkg/util/util.go:140:19: util.CreateUuidStringNew calls rand.Read, which eventually calls tls.Conn.Read
          #4: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve, which eventually calls tls.Conn.Write
          #5: pkg/curl/curl.go:62:23: curl.HttpClientRequest calls http.Client.Do, which eventually calls tls.Dialer.DialContext
....
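....

GO-2023-2043 is the vulnerability ID; the text that follows it is the description of the vulnerability and the recommended fix.

For details, see this article: https://mp.weixin.qq.com/s/xO_w3FvNN8OeiuEYFarwGQ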
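To turn a report like the one above into something a build script can act on, the following added example (not code from the original post or from the govulncheck project) parses that text layout into one record per vulnerability with its ID, affected package, found and fixed versions, and the number of example traces. The names `Finding` and `ParseReport` are chosen here, the sample input is constructed from the output above with the traces shortened, and the parser assumes the text layout shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one entry of the report; Traces counts the example call paths listed.
type Finding struct {
	ID, Package, FoundIn, FixedIn string
	Traces                        int
}

var reVuln = regexp.MustCompile(`^Vulnerability #\d+: (GO-\d{4}-\d+)$`)
var reVer = regexp.MustCompile(`^(Found|Fixed) in: (\S+)@(\S+)$`)

// ParseReport turns govulncheck's text report into one Finding per vulnerability.
func ParseReport(report string) (out []Finding) {
	for _, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		if m := reVuln.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{ID: m[1]})
		} else if len(out) == 0 {
			continue // banner lines before the first finding
		} else if m := reVer.FindStringSubmatch(line); m != nil && m[1] == "Found" {
			out[len(out)-1].Package, out[len(out)-1].FoundIn = m[2], m[3]
		} else if m != nil {
			out[len(out)-1].FixedIn = m[3]
		} else if strings.HasPrefix(line, "#") {
			out[len(out)-1].Traces++ // "#1: file:line:col: ..." trace line
		}
	}
	return out
}

// sample is constructed from the output shown above, with the traces shortened.
const sample = `Scanning your code and 470 packages across 91 dependent modules for known vulnerabilities...
Vulnerability #1: GO-2023-2043
  Found in: html/template@go1.20
  Fixed in: html/template@go1.21.1
    #1: pkg/endless/endless_unix.go:201:24: endless.endlessServer.Serve calls http.Server.Serve
Vulnerability #2: GO-2023-1987
  Found in: crypto/tls@go1.20
  Fixed in: crypto/tls@go1.21rc4
    #1: pkg/gredis/redis.go:22:24: gredis.Setup calls redis.Dial
    #2: pkg/curl/curl.go:62:23: curl.HttpClientRequest calls http.Client.Do
`

func main() { fmt.Printf("%+v\n", ParseReport(sample)) }
```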