Denial of service via crafted Accept-Language header in golang.org/x/text/language

Overview

Source
ID
GO-2022-1059
Aliases
CVE-2022-32149
GHSA-69ch-w2m2-3vjp
Affected package

Description

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Summary

101.97k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
11.89k
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
7.74%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.3.8
Affected