2 matches found
SUSE CVE-2020-14039
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements if VerifyOptions.Roots equals nil and the installation is on Windows. Thus, X.509 certificate verification is incomplete...
Improper Certificate Validation
Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in...