---

CVE-2020-28852 - log back

CVE-2020-28852 edited at 06 Apr 2021 19:14:15
Severity	- Low + Medium

CVE-2020-28852 edited at 06 Apr 2021 19:13:17
Remote	- Local + Remote

CVE-2020-28852 edited at 19 Jan 2021 17:47:26

Description

- In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) + In golang-golang-x-text before version 0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

CVE-2020-28852 edited at 02 Jan 2021 11:18:47
Severity	- Medium + Low

CVE-2020-28852 edited at 02 Jan 2021 11:12:27
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
References	+ https://github.com/golang/go/issues/42536 + https://play.golang.org/p/SwAU9tKYRsj + https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6
Notes

CVE-2020-28852 created at 02 Jan 2021 11:09:45