Executive Summary

Information
Name : CVE-2019-14809
First vendor Publication : 2019-08-13
Vendor : Cve
Last vendor Modification : 2019-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Cvss Impact Score : 6.4
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809

CWE : Common Weakness Enumeration

CWE-20 : Improper Input Validation (100 %)

CPE : Common Platform Enumeration

Type : Application, Count : 134
Type : Os, Count : 1

Sources (Detail)

BUGTRAQ : https://seclists.org/bugtraq/2019/Aug/31
CONFIRM : https://github.com/golang/go/issues/29098
          https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg
DEBIAN : https://www.debian.org/security/2019/dsa-4503
MISC : https://groups.google.com/forum/#!topic/golang-announce/0uuMm1BwpHE

Alert History

Date : Information
2019-08-22 00:19:52 : Multiple Updates
2019-08-19 17:19:39 : Multiple Updates
2019-08-14 17:19:28 : Multiple Updates
2019-08-14 05:18:57 : First insertion