FreeBSD : go -- net/http/cgi, net/http/fcgi: XSS (XSS) when Content-Type is not specified (67b050ae-ec82-11ea-9071-10c37b4ac2ea)

The Go project reports : When a Handler does not explicitly set the Content-Type header, both CGI implementations default to 'text/html'. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly...

Updated python3/python packages fix security vulnerability

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTPPROXY” environmental variable based on the header value. When this variable is used in man...