[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2020:1584-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":20,"modified_at":21,"state":9,"summary":22,"references_raw":24,"kevs":45,"epss":9,"epss_history":46,"metrics":47,"affected":48},"OPENSUSE-SU-2020:1584-1","Security update for go1.14\n\nThis update for go1.14 fixes the following issues:\n\n- go1.14.9 (released 2020-09-09) includes fixes to the compiler,\n  linker, runtime, documentation, and the net/http and testing\n  packages.\n  Refs bsc#1164903 go1.14 release tracking\n  * go#41192 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test\n  * go#41016 net/http: Transport.CancelRequest no longer cancels in-flight request\n  * go#40973 net/http: RoundTrip unexpectedly changes Request\n  * go#40968 runtime: checkptr incorrectly -race flagging when using &^ arithmetic\n  * go#40938 cmd/compile: R12 can be clobbered for write barrier call on PPC64\n  * go#40848 testing: '=== PAUSE' lines do not change the test name for the next log line\n  * go#40797 cmd/compile: inline marker targets not reachable after assembly on arm\n  * go#40766 cmd/compile: inline marker targets not reachable after assembly on ppc64x\n  * go#40501 cmd/compile: for range loop reading past slice end\n  * go#40411 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment\n  * go#40398 runtime: fatal error: checkdead: runnable g\n  * go#40192 runtime: pageAlloc.searchAddr may point to unmapped memory in discontiguous heaps, violating its invariant\n  * go#39955 cmd/link: incorrect GC bitmap when global's type is in another shared object\n  * go#39690 cmd/compile: s390x floating point \u003C-> integer conversions clobbering the condition code\n  * go#39279 net/http: Re-connect with upgraded HTTP2 connection fails to send Request.body\n  * go#38904 doc: include fix for #34437 in Go 1.14 release notes\n\n- go1.14.8 (released 2020-09-01) includes security fixes to the\n  net/http/cgi and net/http/fcgi packages.\n  CVE-2020-24553\n  Refs bsc#1164903 go1.14 release tracking\n  * bsc#1176031 CVE-2020-24553\n  * go#41164 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified\nThis update was imported from the SUSE:SLE-15:Update update project.",null,[],[],[],[14],{"_key":15},"CVE-2020-24553",[],[],[19],{"_key":15},"2020-10-01T10:23:44Z","2026-02-04T04:32:55.223445Z",{"cisa_kev":23,"cisa_ransomware":23,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[25,31,36,40],{"url":26,"sources":27,"tags":29},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DE2ZNS43NAWE73RDB56Q2NSEQJA2VRI5/",[28],"osv_opensuse",[30],"Advisory",{"url":32,"sources":33,"tags":34},"https://bugzilla.suse.com/1164903",[28],[35],"REPORT",{"url":37,"sources":38,"tags":39},"https://bugzilla.suse.com/1176031",[28],[35],{"url":41,"sources":42,"tags":43},"https://www.suse.com/security/cve/CVE-2020-24553",[28],[44],"WEB",[],[],[],[49],{"ecosystem":50,"name":51,"vendor":52,"product":53,"cpe_part":9,"purl_type":54,"purl_namespace":52,"purl_name":53,"source":9,"versions":55},"openSUSE","go1.14","opensuse","go1.14&distro=openSUSE Leap 15.1","rpm",[56],{"version":57,"is_range":58,"range_type":59,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":61,"fixed_in":9},"lt1_14_9_lp151_16_1",true,"ecosystem","1.14.9-lp151.16.1","excluding"]