CNNVD-202508-3474 Information
CNNVD ID
CNNVD-202508-3474
Related CVE
- CNNVD Published: 2025-08-29
Description (Chinese)
Google Golang是美国谷歌(Google)公司的一种静态强类型、编译型语言。Go的语法接近C语言,但对于变量的声明有所不同。Go支持垃圾回收功能。Go的并行模型是以东尼·霍尔的通信顺序进程(CSP)为基础,采取类似模型的其他语言包括Occam和Limbo,但它也具有Pi运算的特征,比如通道传输。 Google Golang存在安全漏洞,该漏洞源于TrustedOrigins中主机列表允许HTTP请求,可能导致跨站请求伪造攻击。
Description (English)
Google Golang is a static, compiled language of Google. Go has a syntax close to the C language, but different statements for variables. Go supports garbage recycling. Go ’ s parallel model is based on Tony Hall ’ s communication sequence process (CSP) and other languages that follow similar models include Occam and Limbo, but it also has the characteristics of a Pi operation, such as channel transport. Google Golang had a security loophole, which originated from the list of hosts in Trusted Origins allowing HTTP requests, which could lead to cross-site requests for false attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
谷歌
Published
2025-08-29
Last Modified
2026-02-24
References
https://pkg.go.dev/vuln/GO-2025-3884 https://github.com/golang/vulndb/issues/3884 https://access.redhat.com/security/cve/cve-2025-47909 https://nvd.nist.gov/vuln/detail/CVE-2025-47909
Share on: