In golang.org/x/text package versions prior to 0.3.8, an attacker may cause a denial of service by crafting an Accept-Language header which "ParseAcceptLanguage" will take significant time to parse.
HIGH Vulnerable Package issue exists @ golang.org/x/text in branch master
Description
In golang.org/x/text package versions prior to 0.3.8, an attacker may cause a denial of service by crafting an Accept-Language header which "ParseAcceptLanguage" will take significant time to parse.
HIGH Vulnerable Package issue exists @ golang.org/x/text in branch master
Vulnerability ID: CVE-2022-32149
Package Name: golang.org/x/text
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2022-10-14T12:22:00
Current Package Version: v0.3.3
Remediation Upgrade Recommendation: v0.3.3-0.20191122184054-09f8d73ecac2
Link To SCA
Reference – NVD link