VDB

GCVE-VVD-MAGEIA-2020-424

GCVE-VVD-MAGEIA-2020-424
Advisory Published
Vulnetix · Advisory published November 15, 2020
A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing for a cross-site scripting attack (XSS) (CVE-2020-24553).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiagolang0 (affected), 1.13.15-2.mga7 (unaffected)

References

Updated golang packages fix a security vulnerability
advisory
Updated golang packages fix a security vulnerability
issue
Updated golang packages fix a security vulnerability
issue
Updated golang packages fix a security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›