FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
67b050ae-ec82-11ea-9071-10c37b4ac2eago -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified

The Go project reports:

When a Handler does not explicitly set the Content-Type header, both CGI implementations default to “text/html”. If an attacker can make a server generate content under their control (e.g. a JSON containing user data or an uploaded image file) this might be mistakenly returned by the server as “text/html”. If a victim visits such a page they could get the attacker's code executed in the context of the server origin. If an attacker can make a server generate content under their control (e.g. a JSON containing user data or an uploaded image file) this might be mistakenly returned by the server as “text/html”. If a victim visits such a page they could get the attacker's code executed in the context of the server origin.


Discovery 2020-08-20
Entry 2020-09-01
go
lt 1.14.8,1

ge 1.15,1 lt 1.15.1,1

CVE-2020-24553
https://github.com/golang/go/issues/40928