{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T00:22:54.560","vulnerabilities":[{"cve":{"id":"CVE-2024-24789","sourceIdentifier":"security@golang.org","published":"2024-06-05T16:15:10.470","lastModified":"2025-01-31T15:15:12.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors."},{"lang":"es","value":"El manejo que hace el paquete archive/zip de ciertos tipos de archivos zip no válidos difiere del comportamiento de la mayoría de las implementaciones zip. Esta desalineación podría aprovecharse para crear un archivo zip con contenidos que varían según la implementación que lea el archivo. El paquete archive/zip ahora rechaza los archivos que contienen estos errores."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.21.11","matchCriteriaId":"7A191F39-17BE-4051-A445-E60525659377"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.22.0","versionEndExcluding":"1.22.4","matchCriteriaId":"4B85AD31-1004-48F3-9A80-7CF48CD0CEA7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/06/04/1","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://go.dev/cl/585397","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/issue/66869","source":"security@golang.org","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ","source":"security@golang.org","tags":["Release Notes"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/","source":"security@golang.org"},{"url":"https://pkg.go.dev/vuln/GO-2024-2888","source":"security@golang.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/06/04/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://go.dev/cl/585397","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://go.dev/issue/66869","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pkg.go.dev/vuln/GO-2024-2888","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20250131-0008/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}