The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 5.5
Impact Score: 3.6
Exploitability Score: 1.8
|148139||SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:0937-1)||Nessus||SuSE Local Security Checks|
|147697||FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)||Nessus||FreeBSD Local Security Checks|