CVE-2020-28851

描述

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

受影響套件(2)

• Bitnami/golang>= 1.15.4, < 1.15.5
• Debian/golang-golang-x-textfrom 0, < 0.3.6-1

CVSS 分數

參考連結(4)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-28851
• WEBhttps://github.com/golang/go/issues/42535
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-28851
• WEBhttps://security.netapp.com/advisory/ntap-20210212-0004/