Go prior to 1.14.8 and 1.15.x prior to 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
fedoraproject fedora 33 |
||
opensuse leap 15.1 |
||
opensuse leap 15.2 |
||
oracle communications cloud native core policy 1.5.0 |