[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-15042":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":82,"aliases":83,"duplicate_of":9,"upstream":85,"downstream":86,"duplicates":107,"related":108,"reserved_at":9,"published_at":116,"modified_at":117,"state":118,"summary":119,"references_raw":128,"kevs":192,"epss":193,"epss_history":196,"metrics":465,"affected":476},"CVE-2017-15042","An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-319","Cleartext Transmission of Sensitive Information","The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.","weakness","Draft","Base","High",[20,24,28,61,65],{"id":21,"name":22,"techniques":23},"CAPEC-102","Session Sidejacking",[],{"id":25,"name":26,"techniques":27},"CAPEC-117","Interception",[],{"id":29,"name":30,"techniques":31},"CAPEC-383","Harvesting Information via API Event Monitoring",[32],{"id":33,"name":34,"tactics":35,"countermeasures":42},"T1056.004","Credential API Hooking",[36,39],{"id":37,"name":38},"TA0100","Collection",{"id":40,"name":41},"TA0031","Credential Access",[43,48,52,57],{"id":44,"name":45,"tactic":46},"D3-MBT","Memory Boundary Tracking",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-PCSV","Process Code Segment Verification",{"name":47},{"id":53,"name":54,"tactic":55},"D3-PSEP","Process Segment Execution Prevention",{"name":56},"Harden",{"id":58,"name":59,"tactic":60},"D3-SAOR","Segment Address Offset Randomization",{"name":56},{"id":62,"name":63,"techniques":64},"CAPEC-477","Signature Spoofing by Mixing Signed and Unsigned Content",[],{"id":66,"name":67,"techniques":68},"CAPEC-65","Sniff Application Code",[69],{"id":70,"name":71,"tactics":72,"countermeasures":77},"T1040","Network Sniffing",[73,74],{"id":40,"name":41},{"id":75,"name":76},"TA0102","Discovery",[78],{"id":79,"name":80,"tactic":81},"D3-DNSTA","DNS Traffic Analysis",{"name":47},[],[84],"GO-2021-0178",[],[87,89,91,93,95,97,99,101,103,105],{"_key":88},"UBUNTU-CVE-2017-15042",{"_key":90},"OPENSUSE-SU-2024:10802-1",{"_key":92},"OPENSUSE-SU-2024:10803-1",{"_key":94},"OPENSUSE-SU-2024:10804-1",{"_key":96},"OPENSUSE-SU-2024:10805-1",{"_key":98},"OPENSUSE-SU-2024:10811-1",{"_key":100},"OPENSUSE-SU-2024:10812-1",{"_key":102},"MGASA-2018-0089",{"_key":104},"RHSA-2017:3463",{"_key":106},"RHSA-2018:0878",[],[109,110,111,112,113,114,115],{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":98},{"_key":100},{"_key":102},"2017-10-05T21:00:00.000Z","2024-08-05T19:42:22.302Z","Modified",{"cisa_kev":120,"cisa_ransomware":120,"cisa_vendor":9,"epss_severity":121,"epss_score":122,"severity":123,"severity_score":124,"severity_version":125,"severity_source":126,"severity_vector":127,"severity_status":118},false,"low",0.00181,"medium",5.9,"v3.0","nvd","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",[129,136,140,147,152,158,162,167,172,178,182,187],{"url":130,"sources":131,"tags":133},"https://access.redhat.com/errata/RHSA-2017:3463",[132,126],"cve.org",[134,135],"Vendor Advisory","X Refsource REDHAT",{"url":137,"sources":138,"tags":139},"https://access.redhat.com/errata/RHSA-2018:0878",[132,126],[134,135],{"url":141,"sources":142,"tags":143},"http://www.securityfocus.com/bid/101197",[132,126],[144,145,146],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":148,"sources":149,"tags":150},"https://golang.org/cl/68210",[132,126],[151,134],"X Refsource CONFIRM",{"url":153,"sources":154,"tags":155},"https://golang.org/cl/68023",[132,126],[151,156,157,134],"Issue Tracking","Patch",{"url":159,"sources":160,"tags":161},"https://github.com/golang/go/issues/22134",[132,126],[151,156,157,134],{"url":163,"sources":164,"tags":165},"https://security.gentoo.org/glsa/201710-23",[132,126],[134,166,146],"X Refsource GENTOO",{"url":168,"sources":169,"tags":170},"https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ",[132,126],[151,171,134],"Mailing List",{"url":173,"sources":174,"tags":176},"https://go.dev/cl/68170",[175],"osv_go",[177],"FIX",{"url":179,"sources":180,"tags":181},"https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790",[175],[177],{"url":183,"sources":184,"tags":185},"https://go.dev/issue/22134",[175],[186],"REPORT",{"url":188,"sources":189,"tags":190},"https://groups.google.com/g/golang-dev/c/RinSE3EiJBI/m/kYL7zb07AgAJ",[175],[191],"WEB",[],{"date":194,"score":122,"percentile":195},"2026-06-04",0.39541,[197,201,204,207,210,213,216,219,222,225,228,231,233,236,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,292,295,298,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396,398,401,404,407,410,413,416,419,422,425,428,431,433,436,439,442,445,448,450,453,456,459,462],{"date":198,"score":199,"percentile":200},"2025-11-04",0.00151,0.36244,{"date":202,"score":199,"percentile":203},"2025-11-05",0.36233,{"date":205,"score":199,"percentile":206},"2025-11-06",0.36229,{"date":208,"score":199,"percentile":209},"2025-11-07",0.36257,{"date":211,"score":199,"percentile":212},"2025-11-08",0.3625,{"date":214,"score":199,"percentile":215},"2025-11-09",0.36237,{"date":217,"score":199,"percentile":218},"2025-11-10",0.36201,{"date":220,"score":199,"percentile":221},"2025-11-11",0.36227,{"date":223,"score":199,"percentile":224},"2025-11-12",0.36261,{"date":226,"score":199,"percentile":227},"2025-11-13",0.36277,{"date":229,"score":199,"percentile":230},"2025-11-14",0.3628,{"date":232,"score":199,"percentile":230},"2025-11-15",{"date":234,"score":199,"percentile":235},"2025-11-16",0.36262,{"date":237,"score":238,"percentile":239},"2025-11-17",0.00204,0.42695,{"date":241,"score":238,"percentile":242},"2025-11-18",0.38172,{"date":244,"score":238,"percentile":245},"2025-11-19",0.38181,{"date":247,"score":238,"percentile":248},"2025-11-20",0.38174,{"date":250,"score":238,"percentile":251},"2025-11-21",0.42676,{"date":253,"score":238,"percentile":254},"2025-11-22",0.42678,{"date":256,"score":238,"percentile":257},"2025-11-23",0.42647,{"date":259,"score":238,"percentile":260},"2025-11-24",0.42638,{"date":262,"score":238,"percentile":263},"2025-11-25",0.42653,{"date":265,"score":238,"percentile":266},"2025-11-26",0.42649,{"date":268,"score":238,"percentile":269},"2025-11-27",0.42652,{"date":271,"score":238,"percentile":272},"2025-11-28",0.42623,{"date":274,"score":238,"percentile":275},"2025-11-29",0.42603,{"date":277,"score":238,"percentile":278},"2025-11-30",0.42582,{"date":280,"score":238,"percentile":281},"2025-12-01",0.42706,{"date":283,"score":238,"percentile":284},"2025-12-02",0.42715,{"date":286,"score":238,"percentile":287},"2025-12-03",0.42717,{"date":289,"score":290,"percentile":291},"2025-12-04",0.00191,0.41163,{"date":293,"score":290,"percentile":294},"2025-12-05",0.4119,{"date":296,"score":290,"percentile":297},"2025-12-06",0.41183,{"date":299,"score":290,"percentile":291},"2025-12-07",{"date":301,"score":290,"percentile":302},"2025-12-08",0.41169,{"date":304,"score":290,"percentile":305},"2025-12-09",0.41206,{"date":307,"score":290,"percentile":308},"2025-12-10",0.41262,{"date":310,"score":290,"percentile":311},"2025-12-11",0.41293,{"date":313,"score":290,"percentile":314},"2025-12-12",0.41323,{"date":316,"score":290,"percentile":317},"2025-12-13",0.41303,{"date":319,"score":290,"percentile":320},"2025-12-14",0.41264,{"date":322,"score":290,"percentile":323},"2025-12-15",0.41249,{"date":325,"score":290,"percentile":326},"2025-12-16",0.41279,{"date":328,"score":290,"percentile":329},"2025-12-17",0.41322,{"date":331,"score":290,"percentile":332},"2025-12-18",0.41368,{"date":334,"score":290,"percentile":335},"2025-12-19",0.41382,{"date":337,"score":290,"percentile":338},"2025-12-20",0.41361,{"date":340,"score":290,"percentile":341},"2025-12-21",0.4132,{"date":343,"score":290,"percentile":344},"2025-12-22",0.41297,{"date":346,"score":290,"percentile":347},"2025-12-23",0.41298,{"date":349,"score":290,"percentile":350},"2025-12-24",0.41317,{"date":352,"score":290,"percentile":353},"2025-12-25",0.41363,{"date":355,"score":290,"percentile":356},"2025-12-26",0.41342,{"date":358,"score":290,"percentile":359},"2025-12-27",0.41364,{"date":361,"score":290,"percentile":362},"2025-12-28",0.41263,{"date":364,"score":290,"percentile":365},"2025-12-29",0.41242,{"date":367,"score":290,"percentile":368},"2025-12-30",0.41234,{"date":370,"score":290,"percentile":371},"2025-12-31",0.41282,{"date":373,"score":290,"percentile":374},"2026-01-01",0.41418,{"date":376,"score":290,"percentile":377},"2026-01-02",0.41394,{"date":379,"score":290,"percentile":380},"2026-01-03",0.41385,{"date":382,"score":290,"percentile":383},"2026-01-04",0.41225,{"date":385,"score":290,"percentile":386},"2026-01-05",0.41202,{"date":388,"score":290,"percentile":389},"2026-01-06",0.41204,{"date":391,"score":290,"percentile":392},"2026-01-07",0.41228,{"date":394,"score":290,"percentile":395},"2026-01-08",0.41254,{"date":397,"score":290,"percentile":368},"2026-01-09",{"date":399,"score":290,"percentile":400},"2026-01-10",0.41235,{"date":402,"score":290,"percentile":403},"2026-01-11",0.41208,{"date":405,"score":290,"percentile":406},"2026-01-12",0.4116,{"date":408,"score":290,"percentile":409},"2026-01-13",0.41138,{"date":411,"score":290,"percentile":412},"2026-01-14",0.41187,{"date":414,"score":290,"percentile":415},"2026-01-15",0.41177,{"date":417,"score":290,"percentile":418},"2026-01-16",0.41197,{"date":420,"score":290,"percentile":421},"2026-01-17",0.41175,{"date":423,"score":290,"percentile":424},"2026-01-18",0.41141,{"date":426,"score":290,"percentile":427},"2026-01-19",0.4111,{"date":429,"score":290,"percentile":430},"2026-01-20",0.41099,{"date":432,"score":290,"percentile":430},"2026-01-21",{"date":434,"score":290,"percentile":435},"2026-01-22",0.4109,{"date":437,"score":290,"percentile":438},"2026-01-23",0.41151,{"date":440,"score":290,"percentile":441},"2026-01-24",0.41164,{"date":443,"score":290,"percentile":444},"2026-01-25",0.41114,{"date":446,"score":290,"percentile":447},"2026-01-26",0.41071,{"date":449,"score":290,"percentile":447},"2026-01-27",{"date":451,"score":290,"percentile":452},"2026-01-28",0.4107,{"date":454,"score":290,"percentile":455},"2026-01-29",0.41053,{"date":457,"score":290,"percentile":458},"2026-01-30",0.4106,{"date":460,"score":290,"percentile":461},"2026-01-31",0.41069,{"date":463,"score":290,"percentile":464},"2026-02-01",0.41176,[466],{"source":126,"cvss_v2_0":467,"cvss_v3_0":472,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":468,"baseSeverity":9,"vectorString":469,"impactScore":470,"exploitabilityScore":471},4.3,"AV:N/AC:M/Au:N/C:P/I:N/A:N",2.9,8.6,{"baseScore":124,"baseSeverity":473,"vectorString":127,"impactScore":474,"exploitabilityScore":475},"MEDIUM",6,5.6,[477,490],{"ecosystem":9,"name":478,"vendor":479,"product":478,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"go","golang","a",[482,488],{"version":483,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},"lte1.8.3",true,"cpe","1.8.3","including",{"version":489,"is_range":120,"range_type":485,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9",{"ecosystem":491,"name":492,"vendor":491,"product":492,"cpe_part":9,"purl_type":479,"purl_namespace":9,"purl_name":492,"source":9,"versions":493},"Go","stdlib",[494],{"version":495,"is_range":484,"range_type":496,"version_start":497,"version_start_type":487,"version_end":498,"version_end_type":499,"fixed_in":9},"gte1_9_0_0_lt1_9_1","semver","1.9.0-0","1.9.1","excluding"]