FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- multiple vulnerabilities

Affected packages
go118 < 1.18.6
go119 < 1.19.1


VuXML ID 6fea7103-2ea4-11ed-b403-3dae8ac60d3e
Discovery 2022-09-06
Entry 2022-09-07

The Go project reports:

net/http: handle server errors after sending GOAWAY

A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service.

net/url: JoinPath does not strip relative path components in all circumstances

JoinPath and URL.JoinPath would not remove ../ path components appended to a relative path.


CVE Name CVE-2022-27664
CVE Name CVE-2022-32190