Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The use of the net/http/cgi package in Go is insecure because it is vulnerable to httpoxy attacks (CVE-2015-5386). This package can allow attackers to manipulate HTTP headers in ways that compromise application security.
Impact#
If exploited, attackers could intercept or redirect sensitive data, interfere with backend requests, or expose confidential information. This can lead to data leaks, unauthorized access, or broader application compromise, putting both user data and system integrity at risk.