OVAL Reference oval:org.opensuse.security:def:201914809

Oval Definition:

oval:org.opensuse.security:def:201914809

Revision Date:	2022-06-30	Version:	1
Title:	CVE-2019-14809
Description:	net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2019-14809 SUSE-SU-2019:2213-1 SUSE-SU-2019:2214-1 openSUSE-SU-2019:2000-1 openSUSE-SU-2019:2056-1 openSUSE-SU-2019:2072-1 openSUSE-SU-2019:2085-1 openSUSE-SU-2019:2130-1 Mitre CVE-2019-14809 SUSE CVE-2019-14809 SUSE-SU-2019:2213-1 SUSE-SU-2019:2214-1 openSUSE-SU-2019:2000-1 openSUSE-SU-2019:2056-1 openSUSE-SU-2019:2072-1 openSUSE-SU-2019:2085-1 openSUSE-SU-2019:2130-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Tumbleweed SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1	Product(s):
Definition Synopsis
Release Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND go1.11-1.11.13-1.18 is installed OR go1.11-doc-1.11.13-1.18 is installed OR go1.12-1.12.9-1.15 is installed OR go1.12-doc-1.12.9-1.15 is installed OR Package Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND go1.11-1.11.13-1.18 is installed OR go1.11-doc-1.11.13-1.18 is installed OR go1.11-race-1.11.13-1.18 is installed OR go1.12-1.12.9-1.15 is installed OR go1.12-doc-1.12.9-1.15 is installed OR go1.12-race-1.12.9-1.15 is installed
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information go1.11-1.11.13-lp150.18 is installed AND go1.11 is signed with openSUSE key OR go1.11-doc-1.11.13-lp150.18 is installed AND go1.11-doc is signed with openSUSE key OR go1.11-race-1.11.13-lp150.18 is installed AND go1.11-race is signed with openSUSE key OR go1.12-1.12.9-lp150.8 is installed AND go1.12 is signed with openSUSE key OR go1.12-doc-1.12.9-lp150.8 is installed AND go1.12-doc is signed with openSUSE key OR go1.12-race-1.12.9-lp150.8 is installed AND go1.12-race is signed with openSUSE key
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information go1.11-1.11.13-lp151.2.9 is installed AND go1.11 is signed with openSUSE key OR go1.11-doc-1.11.13-lp151.2.9 is installed AND go1.11-doc is signed with openSUSE key OR go1.11-race-1.11.13-lp151.2.9 is installed AND go1.11-race is signed with openSUSE key OR go1.12-1.12.9-lp151.2.21 is installed AND go1.12 is signed with openSUSE key OR go1.12-doc-1.12.9-lp151.2.21 is installed AND go1.12-doc is signed with openSUSE key OR go1.12-race-1.12.9-lp151.2.21 is installed AND go1.12-race is signed with openSUSE key
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information go1.11-1.11.13-1.18 is installed OR go1.11-doc-1.11.13-1.18 is installed OR go1.11-race-1.11.13-1.18 is installed OR go1.12-1.12.9-1.15 is installed OR go1.12-doc-1.12.9-1.15 is installed OR go1.12-race-1.12.9-1.15 is installed
Definition Synopsis
openSUSE Tumbleweed is installed AND Package Information go1.11-1.11.13-10.5 is installed OR go1.11-doc-1.11.13-10.5 is installed OR go1.11-race-1.11.13-10.5 is installed OR go1.12-1.12.17-4.8 is installed OR go1.12-doc-1.12.17-4.8 is installed OR go1.12-race-1.12.17-4.8 is installed

BACK