CVE-2020-28852 log

Source
Severity Low
Remote No
Type Denial of service
Description
In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Group Package Affected Fixed Severity Status Ticket
AVG-1396 golang-golang-x-text 0.3.3-2 Low Vulnerable
References
https://github.com/golang/go/issues/42536
https://play.golang.org/p/SwAU9tKYRsj
https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6