5 matches found
Updated golang packages fix security vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path...
CVE-2022-32190
CVE-2022-32190 affects Go’s path.JoinPath and URL.JoinPath, where ../ path elements appended to a relative path are not removed, enabling path-traversal-like behavior. Affected: Golang Go (standard library functions JoinPath/URL.JoinPath). Root cause: ../ components are not stripped from results ...
GO-2022-0988 Failure to strip relative path components in net/url
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
FreeBSD : go -- multiple vulnerabilities (6fea7103-2ea4-11ed-b403-3dae8ac60d3e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6fea7103-2ea4-11ed-b403-3dae8ac60d3e advisory. - JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For...
go -- multiple vulnerabilities
The Go project reports: net/http: handle server errors after sending GOAWAY A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service. net/url: JoinPath does...