CVE-2022-32149 @ Go-golang.org/x/text-v0.3.7 #22
Description
Vulnerable Package issue exists @ Go-golang.org/x/text-v0.3.7 in branch main
In golang.org/x/text package versions prior to 0.3.8, an attacker may cause a denial of service by crafting an Accept-Language header which "ParseAcceptLanguage" will take significant time to parse.
Namespace: cx-tatianab
Repository: cxone-advanced-lab
Repository Url: https://github.com/cx-tatianab/cxone-advanced-lab
CxAST-Project: cx-tatianab/cxone-advanced-lab
CxAST platform scan: f48a8601-7787-4317-9a43-352045cff082
Branch: main
Application: cxone-advanced-lab
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-772
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: v0.3.8-0.20220722155301-d03b41800055
References
Advisory
Advisory
Mail Thread
Issue
Commit
Release Note