Описание
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Связанные уязвимости
CVSS3: 5.3
ubuntu
27 дней назад
[crypto/tls: ALPN negotiation errors can contain arbitrary text]
CVSS3: 5.3
nvd
7 дней назад
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
msrc
6 дней назад
ALPN negotiation error contains attacker controlled information in crypto/tls
CVSS3: 5.3
debian
7 дней назад
When Conn.Handshake fails during ALPN negotiation the error contains a ...
