golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
HIGH Vulnerable Package issue exists @ golang.org/x/text in branch master
Description
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
HIGH Vulnerable Package issue exists @ golang.org/x/text in branch master
Vulnerability ID: CVE-2021-38561
Package Name: golang.org/x/text
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2022-12-26T08:20:00
Current Package Version: v0.3.3
Remediation Upgrade Recommendation: v0.3.3-0.20191122184054-09f8d73ecac2
Link To SCA
Reference – NVD link