social @ 2022-11-09

Yesterday's Grafana authentication bypass vulnerability (CVE-2022-39328) is really neat from the perspective of auditing Go code. Concurrent requests could accidentally share the same array slice of middleware handlers. Advisory at https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/ and actual patch diff at https://github.com/grafana/grafana/pull/58458/files
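To see the Go pitfall the post is pointing at, here is an added example that is not Grafana's code and not taken from the linked patch; the handler names, the `Handler` type and the tiny router are made up for illustration. It reproduces the slice aliasing sequentially rather than across goroutines, so the outcome is deterministic: two per-request handler chains are built with `append` from one base slice that still has spare capacity, and the second `append` silently overwrites the handler the first request placed in the shared backing array.

```go
package main

import "fmt"

// Handler stands in for a middleware function. Names are illustrative
// and are not taken from Grafana's code base.
type Handler func(req string) string

func logging(req string) string { return req + "->logging" }
func auth(req string) string    { return req + "->auth" }
func public(req string) string  { return req + "->public" }

// run applies each handler in order and returns the trace of what ran.
func run(chain []Handler, req string) string {
	for _, h := range chain {
		req = h(req)
	}
	return req
}

// buildChainsBuggy models the aliasing bug. Both per-request chains are
// built with append on a base slice that has len 1 and cap 4, so neither
// append allocates: both results share base's backing array, and the
// second append overwrites index 1 that the first one wrote.
// Returns the trace each request actually executes.
func buildChainsBuggy() (string, string) {
	base := make([]Handler, 0, 4) // spare capacity, as a router might preallocate
	base = append(base, logging)

	authed := append(base, auth)  // authenticated route: wants logging, auth
	anon := append(base, public)  // anonymous route: wants logging, public

	// authed and anon both have len 2 over the same array; authed[1] is now
	// public, so the authenticated route runs without its auth handler.
	return run(authed, "A"), run(anon, "B")
}

// buildChainsFixed clamps the capacity with a full slice expression
// base[:len:len] before each append, which forces append to allocate a
// fresh backing array per request. Copying into a new slice works too.
func buildChainsFixed() (string, string) {
	base := make([]Handler, 0, 4)
	base = append(base, logging)

	perRequest := func() []Handler { return base[:len(base):len(base)] }
	authed := append(perRequest(), auth)
	anon := append(perRequest(), public)
	return run(authed, "A"), run(anon, "B")
}

func main() {
	a, b := buildChainsBuggy()
	fmt.Println("buggy:", a, b) // buggy: A->logging->public B->logging->public
	a, b = buildChainsFixed()
	fmt.Println("fixed:", a, b) // fixed: A->logging->auth B->logging->public
}
```

With real concurrent requests the same aliasing becomes a race: which handler ends up in the shared slot depends on goroutine timing, so the bypass is intermittent rather than reproducible, which is what makes this pattern worth grepping for when auditing Go code that builds per-request slices by appending to a shared base. `go test -race` will flag the concurrent version only if the test actually exercises two requests at once.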