FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| a92dcc5c-e05c-11e9-b589-10c37b4ac2ea | go -- invalid headers are normalized, allowing request smuggling
The Go project reports:
net/http (through net/textproto) used to accept and normalize invalid
HTTP/1.1 headers with a space before the colon, in violation of RFC 7230.
If a Go server is used behind a reverse proxy that accepts and forwards
but doesn't normalize such invalid headers, the reverse proxy and the
server can interpret the headers differently. This can lead to filter
bypasses or request smuggling, the latter if requests from separate clients
are multiplexed onto the same connection by the proxy. Such invalid headers
are now rejected by Go servers, and passed without normalization to Go
client applications.
Discovery 2019-09-25
Entry 2019-09-26
go
< 1.13.1,1
go-devel
< g20190925
CVE-2019-16276
https://github.com/golang/go/issues/34540
|