Download
| Alert*
|
oval:org.secpod.oval:def:203980
The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang . Security Fix: * An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable &q ... oval:org.secpod.oval:def:111139 The Go Programming Language. oval:org.secpod.oval:def:111140 The Go Programming Language. oval:org.secpod.oval:def:1900842 The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI appli ... oval:org.secpod.oval:def:1600442 An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go"s net/http package, ... oval:org.secpod.oval:def:1800332 Many software projects and vendors have implemented support for the Proxy request header in their respective CGI implementations and languages by creating the HTTP_PROXY environmental variable based on the header value. When this variable is used any outgoing requests generated in turn from the att ... oval:org.secpod.oval:def:1501532 The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang . Security Fix: * An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HT ... oval:org.secpod.oval:def:1800516 Many software projects and vendors have implemented support for the Proxy request header in their respective CGI implementations and languages by creating the HTTP_PROXY environmental variable based on the header value. When this variable is used any outgoing requests generated in turn from the att ... |
