7 matches found

OSV, added 2022/02/17 6:15 p.m.

GO-2021-0143

When a Handler does not explicitly set the Content-Type header, the net/http/cgi and net/http/fcgi packages default to "text/html", which can cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response...

AI score: 0.9 | Exploits: 0 | References: 4

OSV, added 2022/01/13 3:44 a.m.

GO-2021-0226 Cross-site scripting in net/http/cgi and net/http/fcgi

When a Handler does not explicitly set the Content-Type header, the package would default to "text/html", which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.0015 | Exploits: 2 | References: 4

Tenable Nessus, added 2021/02/01 12:00 a.m.

CentOS 8 : go-toolset:rhel8 (CESA-2020:5493)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5493 advisory. - golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 - golang: math/big: panic during recursive...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00711 | Exploits: 2 | References: 5

RedHat Linux, added 2020/12/15 5:12 p.m.

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00711 | Exploits: 2 | References: 6

Mageia, added 2020/11/15 3:45 p.m.

Updated golang packages fix a security vulnerability

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.0015 | Exploits: 2 | References: 3

Tenable Nessus, added 2020/09/02 12:00 a.m.

FreeBSD : go -- net/http/cgi, net/http/fcgi: XSS (XSS) when Content-Type is not specified (67b050ae-ec82-11ea-9071-10c37b4ac2ea)

The Go project reports: When a Handler does not explicitly set the Content-Type header, both CGI implementations default to 'text/html'. If an attacker can make a server generate content under their control (e.g. a JSON containing user data or an uploaded image file), this might be mistakenly...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.0015 | Exploits: 2 | References: 3

Veracode, added 2017/05/03 2:22 a.m.

HTTPoxy Vulnerability

net/http/cgi and net/http in github.com/golang/go is vulnerable to httpoxy attacks. The vulnerability exists because it trusts the HTTP_PROXY environment variable, and allows the configuration of proxies by setting the environment variables HTTP_PROXY and HTTPS_PROXY without checking if CGI is in us...

CVSS: 8.1 | AI score: 7.8 | EPSS: 0.45904 | Exploits: 0 | References: 12 | Affected Software: 2