---

CVE-2020-28851 - log back

CVE-2020-28851 edited at 06 Apr 2021 19:14:07
Severity	- Low + Medium

CVE-2020-28851 edited at 06 Apr 2021 19:13:07
Remote	- Local + Remote

CVE-2020-28851 edited at 06 Apr 2021 19:12:54

Description

- In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) + In golang-golang-x-text before version 0.3.6, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

CVE-2020-28851 edited at 06 Apr 2021 19:12:15
References	https://github.com/golang/go/issues/42535 https://play.golang.org/p/FCHj_rCBdiH + https://github.com/golang/text/commit/e3aa4adf54f644ca0cb35f1f1fb19b239c40ef04

CVE-2020-28851 edited at 02 Jan 2021 11:18:40
Severity	- Medium + Low

CVE-2020-28851 edited at 02 Jan 2021 11:11:34
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
References	+ https://github.com/golang/go/issues/42535 + https://play.golang.org/p/FCHj_rCBdiH
Notes

CVE-2020-28851 created at 02 Jan 2021 11:09:45