CVE-2020-28851 (High) detected in github.com/golang/text-v0.3.2 #9

mend-for-github-com · 2021-10-22T20:38:12Z

CVE-2020-28851 - High Severity Vulnerability

Vulnerable Library - github.com/golang/text-v0.3.2

[mirror] Go text processing support

Dependency Hierarchy:

github.com/golang/net-ca1201d0de80cfde86cb01aea620983605dfe99b (Root Library)
- ❌ github.com/golang/text-v0.3.2 (Vulnerable Library)

Found in HEAD commit: c49b88f4fa5622e17f04855717fecd7a27593126

Found in base branch: master

Vulnerability Details

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

Publish Date: 2021-01-02

URL: CVE-2020-28851

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 22, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-28851 (High) detected in github.com/golang/text-v0.3.2 #9

CVE-2020-28851 (High) detected in github.com/golang/text-v0.3.2 #9

mend-for-github-com bot commented Oct 22, 2021

CVE-2020-28851 (High) detected in github.com/golang/text-v0.3.2 #9

CVE-2020-28851 (High) detected in github.com/golang/text-v0.3.2 #9

Comments

mend-for-github-com bot commented Oct 22, 2021

CVE-2020-28851 - High Severity Vulnerability