vulnerability

Oracle Linux: CVE-2019-14809: ELSA-2019-3433: go-toolset:ol8 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
08/13/2019
Added
07/22/2024
Modified
12/12/2024

Description

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.

Solution(s)

oracle-linux-upgrade-golangoracle-linux-upgrade-golang-binoracle-linux-upgrade-golang-docsoracle-linux-upgrade-golang-miscoracle-linux-upgrade-golang-raceoracle-linux-upgrade-golang-srcoracle-linux-upgrade-golang-testsoracle-linux-upgrade-go-toolset
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.