Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-14809
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-13 Aug, 2019 | 21:15
Updated At-07 Nov, 2023 | 03:05

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Go
golang
>>go>>Versions before 1.11.13(exclusive)
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Go
golang
>>go>>Versions from 1.12.0(inclusive) to 1.12.8(exclusive)
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.htmlcve@mitre.org
N/A
https://access.redhat.com/errata/RHSA-2019:3433cve@mitre.org
N/A
https://github.com/golang/go/issues/29098cve@mitre.org
Exploit
Patch
Third Party Advisory
https://groups.google.com/forum/#%21topic/golang-announce/0uuMm1BwpHEcve@mitre.org
N/A
https://groups.google.com/forum/#%21topic/golang-announce/65QixT3tcmgcve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/cve@mitre.org
N/A
https://seclists.org/bugtraq/2019/Aug/31cve@mitre.org
Mailing List
Third Party Advisory
https://www.debian.org/security/2019/dsa-4503cve@mitre.org
Third Party Advisory
Change History
0Changes found
Details not found