CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 39.1%

github.com/golang/go is vulnerable to CRLF Injection. The vulnerability exists because the library does not properly sanitize the Request.Host field, which allows an attacker to send a maliciously crafted Host field through the request header.
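
One way a caller can guard against this, shown as an added example that is not code from the Go project or from this advisory: check any externally supplied value against an allow-list before assigning it to Request.Host. The names checkHost, SetHost and ErrBadHost, the character allow-list and the sample hostnames are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ErrBadHost is returned when a candidate Host value is rejected.
var ErrBadHost = errors.New("invalid Host value")

// checkHost (hypothetical helper) accepts only bytes that can appear in a
// hostname, an IP literal or a port. CR, LF, spaces and every other control
// byte are rejected, so the value cannot terminate the Host line early.
func checkHost(host string) error {
	if host == "" || len(host) > 255 {
		return ErrBadHost
	}
	for i := 0; i < len(host); i++ {
		c := host[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case strings.IndexByte(".-:[]_", c) >= 0:
		default:
			return fmt.Errorf("%w: byte 0x%02x at offset %d", ErrBadHost, c, i)
		}
	}
	return nil
}

// SetHost (hypothetical helper) assigns req.Host only after validation and
// leaves the request untouched when the value is rejected.
func SetHost(req *http.Request, host string) error {
	if err := checkHost(host); err != nil {
		return err
	}
	req.Host = host
	return nil
}

func main() {
	// Constructed sample inputs; the second carries an embedded CRLF.
	for _, h := range []string{"api.example.com:8443", "example.com\r\nX-Injected: 1"} {
		req, _ := http.NewRequest("GET", "http://backend.example/", nil)
		fmt.Printf("%q -> %v\n", h, SetHost(req, h))
	}
}
```
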
github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a
github.com/golang/go/commit/499458f7ca04087958987a33c2703c3ef03e27e2
github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b
github.com/golang/go/issues/60374
github.com/golang/net/commit/63727cc58253c59c71cf8491bb4d7448990d63b8
go-review.googlesource.com/c/go/+/506996
go.dev/cl/506996
go.dev/issue/60374
groups.google.com/g/golang-announce/c/2q13H6LEEx0
groups.google.com/g/golang-announce/c/2q13H6LEEx0?pli=1
pkg.go.dev/vuln/GO-2023-1878
security.gentoo.org/glsa/202311-09
security.netapp.com/advisory/ntap-20230814-0002/