Posted by RedTeam Pentesting GmbH on Sep 02
Advisory: Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting
The CGI and FastCGI implementations in the Go standard library behave
differently from the HTTP server implementation when serving content.
In contrast to the documented behavior, they may return non-HTML data as
HTML. This may lead to cross-site scripting vulnerabilities even if
uploaded data has been validated during upload.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.