CVE-2021-38561

ADVISORY - github

Summary

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.

EPSS Score: 0.00041 (0.118)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Out-of-bounds Read

ADVISORY - github

Out-of-bounds Read

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Out-of-bounds Read

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

Out-of-bounds Read

Improper Input Validation


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in