ByteOS Network

▼CVE Numbering Authority (CNA)

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

References

Hyperlink	Resource
https://groups.google.com/forum/#%21topic/golang-announce/0uuMm1BwpHE	x_refsource_MISC
https://groups.google.com/forum/#%21topic/golang-announce/65QixT3tcmg	x_refsource_CONFIRM
https://github.com/golang/go/issues/29098	x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/Aug/31	mailing-list x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4503	vendor-advisory x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html	vendor-advisory x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/	vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/	vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html	vendor-advisory x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:3433	vendor-advisory x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://groups.google.com/forum/#%21topic/golang-announce/0uuMm1BwpHE	x_refsource_MISC x_transferred
https://groups.google.com/forum/#%21topic/golang-announce/65QixT3tcmg	x_refsource_CONFIRM x_transferred
https://github.com/golang/go/issues/29098	x_refsource_CONFIRM x_transferred
https://seclists.org/bugtraq/2019/Aug/31	mailing-list x_refsource_BUGTRAQ x_transferred
https://www.debian.org/security/2019/dsa-4503	vendor-advisory x_refsource_DEBIAN x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html	vendor-advisory x_refsource_SUSE x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/	vendor-advisory x_refsource_FEDORA x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/	vendor-advisory x_refsource_FEDORA x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html	vendor-advisory x_refsource_SUSE x_transferred
https://access.redhat.com/errata/RHSA-2019:3433	vendor-advisory x_refsource_REDHAT x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References