Description
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
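A defensive check for the pattern described above, as an added example that is not part of the advisory or of Go's own fix: the caller rejects raw control bytes in a URL before it reaches http.NewRequest, and builds query strings through url.Values so that untrusted input is percent-encoded. The helper names `SafeNewRequest` and `BuildURL`, the `example.com` URL and the sample input are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// ErrControlChar: the URL carries a raw ASCII control byte such as \r or \n.
var ErrControlChar = errors.New("control character in URL")

// SafeNewRequest (hypothetical helper) rejects control bytes itself before
// calling http.NewRequest, so the check does not depend on the Go version.
func SafeNewRequest(method, rawURL string) (*http.Request, error) {
	for i := 0; i < len(rawURL); i++ {
		if rawURL[i] < 0x20 || rawURL[i] == 0x7f {
			return nil, ErrControlChar
		}
	}
	return http.NewRequest(method, rawURL, nil)
}

// BuildURL (hypothetical helper) puts untrusted input into the query string
// via url.Values, which percent-encodes \r\n as %0D%0A.
func BuildURL(base, param, untrusted string) (string, error) {
	u, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set(param, untrusted)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	tainted := "x\r\nX-Injected: 1" // constructed sample input
	_, err := SafeNewRequest("GET", "http://example.com/search?q="+tainted)
	fmt.Println("concatenated:", err)
	safe, _ := BuildURL("http://example.com/search", "q", tainted)
	req, err := SafeNewRequest("GET", safe)
	fmt.Println("encoded:", safe, err, req != nil)
}
```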
Statement
This issue affects the versions of golang as shipped with Red Hat Ceph Storage 2 and 3, and Red Hat Gluster Storage 3 as the vulnerable code is present.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | golang | Affected | | |
| Red Hat Ceph Storage 3 | golang | Affected | | |
| Red Hat Enterprise Linux 7 | golang | Will not fix | | |
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | golang | Will not fix | | |
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | golang | Will not fix | | |
| Red Hat Storage 3 | golang | Affected | | |
| Red Hat Developer Tools | go-toolset-1.11 | Fixed | RHSA-2019:1300 | 30.05.2019 |
| Red Hat Developer Tools | go-toolset-1.11-golang | Fixed | RHSA-2019:1300 | 30.05.2019 |
| Red Hat Enterprise Linux 8 | go-toolset | Fixed | RHSA-2019:1519 | 18.06.2019 |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium