CVE-2019-14809 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
An issue has been found in Go before 1.12.8, where url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse.
Group Package Affected Fixed Severity Status Ticket
AVG-1021 go 2:1.12.7-1 2:1.12.8-1 Medium Fixed
AVG-1020 go-pie 2:1.12.7-1 2:1.12.8-1 Medium Fixed
Date Advisory Group Package Severity Description
24 Aug 2019 ASA-201908-16 AVG-1020 go-pie Medium multiple issues
24 Aug 2019 ASA-201908-15 AVG-1021 go Medium multiple issues
References
https://golang.org/issue/29098