For example, the current Server (Go 1.20) has the following vulnerabilities:
Vulnerability #2: GO-2024-2887
Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
net/netip
More info: https://pkg.go.dev/vuln/GO-2024-2887
Standard library
Found in: net/netip@go1.21.10
Fixed in: net/netip@go1.21.11
Example traces found:
Error: #1: server.server.Start, which eventually calls netip.Addr.IsLoopback
Error: #2: server.server.Start, which eventually calls netip.Addr.IsMulticast
We should check for vulnerabilities in each push: https://pkg.go.dev/golang.org/x/vuln/cmd/govulnchec
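An added example, not part of the original report or the Server code: GO-2024-2887 concerns the `Is*` methods returning unexpected results for IPv4-mapped IPv6 addresses, and both traces above end in such calls (`IsLoopback`, `IsMulticast`). One defensive pattern is to call `Unmap()` before classifying an address. The `AddrClass`, `Classify` and `IsExternal` names are hypothetical and the addresses are constructed samples.

```go
package main

import (
	"fmt"
	"net/netip"
)

// AddrClass holds the netip Is* results that usually feed an allow/deny decision.
type AddrClass struct {
	Loopback, Multicast, Private, LinkLocal, Unspecified bool
}

// Classify unmaps IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) to plain IPv4
// before calling the Is* methods, so the answer matches the IPv4 form on
// toolchains both before and after the GO-2024-2887 fix.
func Classify(a netip.Addr) AddrClass {
	a = a.Unmap()
	return AddrClass{
		Loopback:    a.IsLoopback(),
		Multicast:   a.IsMulticast(),
		Private:     a.IsPrivate(),
		LinkLocal:   a.IsLinkLocalUnicast(),
		Unspecified: a.IsUnspecified(),
	}
}

// IsExternal is a hypothetical policy helper: true only when the address is
// none of loopback, multicast, private, link-local or unspecified.
func IsExternal(s string) (bool, error) {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return false, fmt.Errorf("parse %q: %w", s, err)
	}
	c := Classify(a)
	return !(c.Loopback || c.Multicast || c.Private || c.LinkLocal || c.Unspecified), nil
}

func main() {
	// Constructed sample inputs: mapped and plain forms of the same addresses.
	for _, s := range []string{"127.0.0.1", "::ffff:127.0.0.1", "::ffff:224.0.0.1", "::ffff:10.0.0.5", "::ffff:192.0.2.1"} {
		ok, err := IsExternal(s)
		fmt.Printf("%-20s external=%v err=%v\n", s, ok, err)
	}
}
```

This keeps address checks correct in the code path, but it does not replace upgrading to a fixed toolchain release.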