FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 67b050ae-ec82-11ea-9071-10c37b4ac2ea | go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
The Go project reports:
When a Handler does not explicitly set the Content-Type header, both
CGI implementations default to âtext/htmlâ. If an attacker can make
a server generate content under their control (e.g. a JSON
containing user data or an uploaded image file) this might be
mistakenly returned by the server as âtext/htmlâ. If a victim visits
such a page they could get the attacker's code executed in the
context of the server origin. If an attacker can make a server
generate content under their control (e.g. a JSON containing user
data or an uploaded image file) this might be mistakenly returned by
the server as âtext/htmlâ. If a victim visits such a page they could
get the attacker's code executed in the context of the server
origin.
Discovery 2020-08-20
Entry 2020-09-01
go
< 1.14.8,1
ge 1.15,1 lt 1.15.1,1
CVE-2020-24553
https://github.com/golang/go/issues/40928
|