Количество 12
Количество 12
CVE-2019-14809
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
CVE-2019-14809
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
CVE-2019-14809
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
CVE-2019-14809
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...
GHSA-2xf8-4fv6-m993
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
ELSA-2019-3433
ELSA-2019-3433: go-toolset:ol8 security, bug fix, and enhancement update (MODERATE)
BDU:2019-03595
Уязвимость функции net/url языка программирования GO, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
openSUSE-SU-2019:2130-1
Security update for go1.12
openSUSE-SU-2019:2085-1
Security update for go1.12
openSUSE-SU-2019:2072-1
Security update for go1.11
openSUSE-SU-2019:2056-1
Security update for go1.12
openSUSE-SU-2019:2000-1
Security update for go1.12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | CVSS3: 9.8 | 3% Низкий | больше 6 лет назад |
 | CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | CVSS3: 7.5 | 3% Низкий | больше 6 лет назад |
 | CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | CVSS3: 9.8 | 3% Низкий | больше 6 лет назад |
| CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ... | CVSS3: 9.8 | 3% Низкий | больше 6 лет назад |
| GHSA-2xf8-4fv6-m993 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | 3% Низкий | больше 3 лет назад | |
| ELSA-2019-3433 ELSA-2019-3433: go-toolset:ol8 security, bug fix, and enhancement update (MODERATE) | около 6 лет назад | ||
 | BDU:2019-03595 Уязвимость функции net/url языка программирования GO, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании | CVSS3: 9.8 | 3% Низкий | больше 6 лет назад |
 | openSUSE-SU-2019:2130-1 Security update for go1.12 | больше 6 лет назад | ||
| openSUSE-SU-2019:2085-1 Security update for go1.12 | больше 6 лет назад | ||
| openSUSE-SU-2019:2072-1 Security update for go1.11 | больше 6 лет назад | ||
| openSUSE-SU-2019:2056-1 Security update for go1.12 | больше 6 лет назад | ||
| openSUSE-SU-2019:2000-1 Security update for go1.12 | больше 6 лет назад |
Уязвимостей на страницу