Coding With Fun

Go 1.15.1 and Go 1.14.8 Released: A Security Fix


May 31, 2021



The Go team has released Go 1.15.1 and Go 1.14.8 to address recently reported security issues. All affected users are advised to update to one of these versions (choose Go 1.15.1 if you are not sure which one).

When a handler does not explicitly set the Content-Type response header, the net/http/cgi and net/http/fcgi packages default it to "text/html", which can lead to cross-site scripting vulnerabilities if an attacker can control the content of the response.

With this fix, the Content-Type response header is set from the contents of the first Write using http.DetectContentType, which is consistent with the behavior of the net/http package.

While this protects some applications that validate the contents of uploaded files, leaving the Content-Type response header unset on any file controlled by an attacker is not safe and should be avoided. That is, you should always explicitly set the Content-Type response header.
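The difference between a sniffed and an explicitly set Content-Type, as an added example that is not part of the original announcement or the Go project's code. It runs two handlers in-process through net/http's httptest recorder, which sniffs with http.DetectContentType as described above; the handler names, the sample upload, and the extra nosniff header are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample: bytes supplied by an uploader that happen to look like HTML.
var upload = []byte("<html><body>constructed sample upload</body></html>")

// sniffingHandler never sets Content-Type, so the type is derived from the
// first Write via http.DetectContentType. Whoever controls the bytes
// therefore controls how the browser interprets the response.
func sniffingHandler(w http.ResponseWriter, r *http.Request) {
	w.Write(upload)
}

// explicitHandler pins the type before the first Write, so the content of
// the upload has no influence on the header.
func explicitHandler(w http.ResponseWriter, r *http.Request) {
	h := w.Header()
	h.Set("Content-Type", "application/octet-stream")
	// Assumption beyond the announcement: also tell browsers not to
	// second-guess the declared type.
	h.Set("X-Content-Type-Options", "nosniff")
	w.Write(upload)
}

// servedType runs a handler in-process and returns the Content-Type it sent.
func servedType(h http.HandlerFunc) string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest("GET", "/download", nil))
	return rec.Result().Header.Get("Content-Type")
}

func main() {
	fmt.Println("sniffed: ", servedType(sniffingHandler))
	fmt.Println("explicit:", servedType(explicitHandler))
}
```

A check like `servedType` can be kept as a regression test for every handler that returns user-supplied files, asserting that the declared type never depends on the file's content.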

This issue was reported by RedTeam Pentesting GmbH. It is tracked as CVE-2020-24553; see: github.com/golang/go/issues/40928