Amazon Linux 2 : golang, --advisory ALAS2-2020-1383 (ALAS-2020-1383)

The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1383 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...

golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling

It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or ...

Medium: golang

Issue Overview: It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server...

HTTP Header Injection

net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

HTTP Header Injection

net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...