CVE-2019-14809 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Insufficient validation |
| Description | An issue has been found in Go before 1.12.8, where url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1021 | go | 2:1.12.7-1 | 2:1.12.8-1 | Medium | Fixed | |
| AVG-1020 | go-pie | 2:1.12.7-1 | 2:1.12.8-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 24 Aug 2019 | ASA-201908-16 | AVG-1020 | go-pie | Medium | multiple issues |
| 24 Aug 2019 | ASA-201908-15 | AVG-1021 | go | Medium | multiple issues |
| References |
|---|
https://golang.org/issue/29098 |