CVE-2019-16276

high-risk

Published 2019-09-30

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Do I need to act?

9.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Debian Linux

Leap

Fedora

Openshift Container Platform

Developer Tools

Enterprise Linux

Enterprise Linux Eus

Cloud Insights Telegraf Agent

Debian Redhat Fedoraproject Netapp Opensuse Golang

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0101

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0329

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0652

Patch https://github.com/golang/go/issues/34540

Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html

Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20191122-0004/

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0101

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0329

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0652

Patch https://github.com/golang/go/issues/34540

and 6 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 17/34 · Moderate