VulnerableCode Package Details - pkg:deb/ubuntu/golang-1.12@1.12~beta2-2

Search for packages

Package details: pkg:deb/ubuntu/golang-1.12@1.12~beta2-2

Essentials
History (0)

purl	pkg:deb/ubuntu/golang-1.12@1.12~beta2-2

Next non-vulnerable version	1.12.10-1ubuntu1
Latest non-vulnerable version	1.12.10-1ubuntu1
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-95dr-z3gr-aaag Aliases: CVE-2019-9741	An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.	1.12.5-1ubuntu1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kq1v-8r3r-aaaf Aliases: CVE-2019-16276	Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.	1.12.10-1ubuntu1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-u6zq-xy5d-aaam	Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.	CVE-2019-6486

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version