ALT-PU-2022-2615-1
Closed vulnerabilities
Published: 2022-09-06
BDU:2022-05544
Уязвимость пакета net/http языка программирования Go, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-09-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
- https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
- FEDORA-2022-45097317b4
- FEDORA-2022-45097317b4
- FEDORA-2022-67ec8c61d0
- FEDORA-2022-67ec8c61d0
- GLSA-202209-26
- GLSA-202209-26
- https://security.netapp.com/advisory/ntap-20220923-0004/
- https://security.netapp.com/advisory/ntap-20220923-0004/
Published: 2022-09-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References: