Unrated severityNVD Advisory· Published Sep 2, 2020· Updated Aug 4, 2024
CVE-2020-24553
CVE-2020-24553
Description
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- Go/Godescription
- osv-coords9 versionspkg:bitnami/golangpkg:rpm/opensuse/go1.14&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go1.14&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.15&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/go1.14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
< 1.14.8+ 8 more
- (no CPE)range: < 1.14.8
- (no CPE)range: < 1.14.9-lp151.16.1
- (no CPE)range: < 1.14.9-lp152.2.6.1
- (no CPE)range: < 1.14.15-1.6
- (no CPE)range: < 1.15.15-1.2
- (no CPE)range: < 1.14.9-1.18.1
- (no CPE)range: < 1.14.9-1.18.1
- (no CPE)range: < 1.15.2-1.3.1
- (no CPE)range: < 1.15.2-1.3.1
Patches
Vulnerability mechanics
References
10- lists.opensuse.org/opensuse-security-announce/2020-10/msg00000.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00002.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZBO7Q73GGWBVYIKNH2HNN44Q5IQND5W/mitrevendor-advisoryx_refsource_FEDORA
- packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2020/Sep/5mitremailing-listx_refsource_FULLDISCx_refsource_MISC
- groups.google.com/forum/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20200924-0003/mitrex_refsource_CONFIRM
- www.oracle.com//security-alerts/cpujul2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuApr2021.htmlmitrex_refsource_MISC
- www.redteam-pentesting.de/advisories/rt-sa-2020-004mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.