In Go prior to 1.13.13 and 1.14.x prior to 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
opensuse leap 15.1 |
||
opensuse leap 15.2 |