Bugzilla – Bug 1129122
VUL-0: CVE-2019-9741: golang: CRLF injection in net/http
Last modified: 2020-07-29 14:09:16 UTC
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
Assigned to Jeff, he's the maintainer of Go at SUSE now.
Our go1.11 packages are already in a fixed version in all codestreams closing