You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
mend-for-github-combot
changed the title
CVE-2021-38561 (High) detected in github.com/golang/text-v0.3.0, grafanav5.0.0-beta1
CVE-2021-38561 (High) detected in github.com/golang/text/language-v0.3.0, grafanav5.0.0-beta1
Sep 12, 2022
mend-for-github-combot
changed the title
CVE-2021-38561 (High) detected in github.com/golang/text/language-v0.3.0, grafanav5.0.0-beta1
CVE-2021-38561 (High) detected in grafanav5.0.0-beta1
Feb 21, 2023
CVE-2021-38561 - High Severity Vulnerability
Vulnerable Library - grafanav5.0.0-beta1
The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More
Library home page: https://github.com/grafana/grafana.git
Vulnerable Source Files (1)
/vendor/golang.org/x/text/language/parse.go
Vulnerability Details
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
Publish Date: 2022-12-26
URL: CVE-2021-38561
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GO-2021-0113
Release Date: 2021-08-12
Fix Resolution: v0.3.7
The text was updated successfully, but these errors were encountered: