In x/text versions prior to 0.3.6 in Go, an "index out of range" panic occurs in "language.ParseAcceptLanguage" while parsing the "-u- extension". "x/text/language" is supposed to be able to parse an HTTP Accept-Language header.
HIGH Vulnerable Package issue exists @ golang.org/x/text in branch master
Description
In x/text versions prior to 0.3.6 in Go, an "index out of range" panic occurs in "language.ParseAcceptLanguage" while parsing the "-u- extension". "x/text/language" is supposed to be able to parse an HTTP Accept-Language header.
HIGH Vulnerable Package issue exists @ golang.org/x/text in branch master
Vulnerability ID: CVE-2020-28851
Package Name: golang.org/x/text
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2021-01-02T06:15:00
Current Package Version: v0.3.3
Remediation Upgrade Recommendation: v0.3.3-0.20191122184054-09f8d73ecac2
Link To SCA
Reference – NVD link