Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2020-1445

Related Vulnerabilities: CVE-2020-24553  

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. (CVE-2020-24553)

Source

ALAS-2020-1445

Amazon Linux AMI Security Advisory: ALAS-2020-1445
Advisory Release Date: 2020-11-14 01:22 Pacific
Advisory Updated Date: 2020-11-16 21:17 Pacific
Severity: Medium
References: CVE-2020-24553 
Issue Overview:

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. (CVE-2020-24553)


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
i686:
    golang-bin-1.15.3-1.63.amzn1.i686
    golang-1.15.3-1.63.amzn1.i686

noarch:
    golang-docs-1.15.3-1.63.amzn1.noarch
    golang-src-1.15.3-1.63.amzn1.noarch
    golang-misc-1.15.3-1.63.amzn1.noarch
    golang-tests-1.15.3-1.63.amzn1.noarch

src:
    golang-1.15.3-1.63.amzn1.src

x86_64:
    golang-race-1.15.3-1.63.amzn1.x86_64
    golang-1.15.3-1.63.amzn1.x86_64
    golang-bin-1.15.3-1.63.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started