Gopls · Gopls · CVE-2026-42503
**Name of the Vulnerable Software and Affected Versions**
gopls (affected versions not specified)
**Description**
By default, the software communicates over a pipe, but the `-port` and `-listen` flags are available for debugging. If the `-listen` flag is provided without an explicit host (e.g., `:8080`) or if the `-port` flag is used, the application binds to 0.0.0.0, that is, to all network interfaces. This configuration may allow a malicious actor on the same network to achieve arbitrary code execution.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
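Until a fix is available, gopls launch arguments (editor settings, wrapper scripts, process listings) can be audited for the condition in the Description. The following is an added example, not part of this advisory or of gopls; the function names and the sample command lines are constructed for illustration, and only the `-listen` and `-port` flags come from the advisory.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// bindsAllInterfaces reports whether a -listen value has an empty or unspecified host.
func bindsAllInterfaces(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false // not a TCP host:port value; leave for manual review
	}
	ip := net.ParseIP(host)
	return host == "" || (ip != nil && ip.IsUnspecified()) // ":8080", "0.0.0.0:8080", "[::]:8080"
}

// auditArgs scans a gopls argument list and returns one finding per risky flag.
func auditArgs(args []string) []string {
	var findings []string
	for i := 0; i < len(args); i++ {
		name, val, hasVal := strings.Cut(strings.TrimLeft(args[i], "-"), "=")
		if !strings.HasPrefix(args[i], "-") || (name != "listen" && name != "port") {
			continue
		}
		if !hasVal && i+1 < len(args) { // "-flag value" form
			i++
			val = args[i]
		}
		if name == "port" {
			// Per the advisory, -port always binds to 0.0.0.0.
			findings = append(findings, "-port "+val+": binds 0.0.0.0")
		} else if bindsAllInterfaces(val) {
			findings = append(findings, "-listen "+val+": no loopback host given")
		}
	}
	return findings
}

func main() {
	// Constructed sample command lines, not taken from the advisory.
	for _, s := range [][]string{
		{"gopls", "-listen=:8080"},
		{"gopls", "-listen", "127.0.0.1:8080"},
		{"gopls", "serve", "-port", "37374"},
	} {
		fmt.Println(strings.Join(s, " "), "=>", auditArgs(s))
	}
}
```

An invocation that gives `-listen` an explicit loopback host, such as `127.0.0.1:8080`, produces no finding; any `-port` use is reported regardless of value.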