Golang Go 1.7 Release Candidate 1
Approved changes feed: RSS · Atom
cpe:2.3:a:golang:go:1.7:rc1:*:*:*:*:*:*
part: a version: 1.7 update: rc1
| Vendor | Golang (670356c5-bd1b-5c66-9eee-f755f5cec4c7) |
|---|---|
| Product | Go (96a6ef33-04c7-5363-bbc8-7d2a06bf0b4b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/golang/go |
purl2cpe | 2026-06-01 10:12:04.459663 |
pkg:golang/go/go |
purl2cpe | 2026-06-01 10:12:04.459665 |
pkg:googlesource/go |
purl2cpe | 2026-06-01 10:12:04.459666 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2016-5386 |
vulnerable | 2026-06-03 14:35:55.043626 |
Details available
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
Published: 2016-07-19T01:00:00.000Z
Updated: 2024-08-06T01:00:59.948Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.