UBUNTU-CVE-2020-24553
- Source
- https://ubuntu.com/security/CVE-2020-24553
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-24553.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-24553
- Upstream
- Downstream
- Related
- Published
- 2020-09-02T17:15:00Z
- Modified
- 2025-09-08T16:46:18Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
- References
-
- https://ubuntu.com/security/CVE-2020-24553
- https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
- http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2020/Sep/5
- https://ubuntu.com/security/notices/USN-4758-1
- https://www.cve.org/CVERecord?id=CVE-2020-24553
Affected packages
Ubuntu:16.04:LTS
golang-1.10
Package
- Name
- golang-1.10
- Purl
- pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.4-2ubuntu1~16.04.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.10.4-2ubuntu1~16.04.2",
"binary_name": "golang-1.10"
},
{
"binary_version": "1.10.4-2ubuntu1~16.04.2",
"binary_name": "golang-1.10-go"
},
{
"binary_version": "1.10.4-2ubuntu1~16.04.2",
"binary_name": "golang-1.10-src"
}
],
"availability": "No subscription required"
}Ubuntu:18.04:LTS
golang-1.10
Package
- Name
- golang-1.10
- Purl
- pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.4-2ubuntu1~18.04.2
Affected versions
1.*
1.10~rc1-1
1.10~rc1-1ubuntu1
1.10~rc1-2ubuntu1
1.10~rc2-1ubuntu1
1.10-1ubuntu1
1.10.1-1ubuntu2
1.10.4-2ubuntu1~18.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.10.4-2ubuntu1~18.04.2",
"binary_name": "golang-1.10"
},
{
"binary_version": "1.10.4-2ubuntu1~18.04.2",
"binary_name": "golang-1.10-go"
},
{
"binary_version": "1.10.4-2ubuntu1~18.04.2",
"binary_name": "golang-1.10-src"
}
],
"availability": "No subscription required"
}Ubuntu:20.04:LTS
golang-1.14
Package
- Name
- golang-1.14
- Purl
- pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.14.3-2ubuntu2~20.04.2
Affected versions
1.*
1.14~beta1-1
1.14~beta1-2
1.14~rc1-1
1.14-1
1.14.1-1
1.14.2-1
1.14.2-1ubuntu1
1.14.3-2ubuntu2~20.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.14.3-2ubuntu2~20.04.2",
"binary_name": "golang-1.14"
},
{
"binary_version": "1.14.3-2ubuntu2~20.04.2",
"binary_name": "golang-1.14-go"
},
{
"binary_version": "1.14.3-2ubuntu2~20.04.2",
"binary_name": "golang-1.14-src"
}
],
"availability": "No subscription required"
}Ubuntu:22.04:LTS
golang-1.13
Ubuntu:Pro:14.04:LTS
golang-1.10
Ubuntu:Pro:16.04:LTS
golang-1.6
Package
- Name
- golang-1.6
- Purl
- pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.8
Package
- Name
- golang-1.8
- Purl
- pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "golang-1.8"
},
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "golang-1.8-go"
},
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "golang-1.8-go-shared-dev"
},
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "golang-1.8-src"
},
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "libgolang-1.8-std1"
}
]
}golang-1.9
Ubuntu:Pro:20.04:LTS
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected