Base Score

HIGH7.5

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

VectorNETWORK

Published Bycve@mitre.org

Published DateSep 30, 2019, 19:15

Weakness Type (CWE):CWE-444

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html
https://access.redhat.com/errata/RHSA-2020:0101
https://access.redhat.com/errata/RHSA-2020:0329
https://access.redhat.com/errata/RHSA-2020:0652
https://github.com/golang/go/issues/34540
https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/
https://security.netapp.com/advisory/ntap-20191122-0004/

Base Score

HIGH7.5

Weakness Type (CWE):CWE-444

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE