VYPR
Unrated severityOSV Advisory· Published Mar 13, 2019· Updated Aug 4, 2024

CVE-2019-9741

CVE-2019-9741

Description

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: go1.10beta1, go1.10beta2, go1.10rc1, …
  • GO/net/httpllm-fuzzy
    Range: = 1.11.5

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.