CVE 2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- FULLDISC: 20200902 [RT-SA-2020-0...
- MISC: http://packetstormsecu...
- MISC: http://seclists.org/fu...
- MISC: https://groups.google....
- CONFIRM: https://security.netap...
- FEDORA: FEDORA-2020-741cfa13d0
- SUSE: openSUSE-SU-2020:1584
- SUSE: openSUSE-SU-2020:1587
- MISC: https://www.oracle.com...
- MISC: https://www.oracle.com...
- MISC: https://www.redteam-pe...
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)