Dependency Report
Raw Location Data: 🟧 Missing Release of Resource after Effective Lifetime in golang.org/x/text
Description
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Solution
Upgrade to version 0.3.8 or above.
Severity
High
CVE
go.sum:golang.org/x/text:gemnasium:ba6a6098-01f3-4fe6-919c-948ba7dba76e
Identifiers
Gemnasium-ba6a6098-01f3-4fe6-919c-948ba7dba76e, CVE-2022-32149
Links
https://go.dev/cl/442235, https://go.dev/issue/56152, https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ, https://nvd.nist.gov/vuln/detail/CVE-2022-32149, https://pkg.go.dev/vuln/GO-2022-1059
{
  "file": "go.sum",
  "dependency": {
    "package": {
      "name": "golang.org/x/text"
    },
    "version": "v0.3.0"
  }
}