Go-Based Apps Vulnerable to Attacks Resulting from URL Parsing Issue


The way URL parsing is implemented in some Go-based applications creates vulnerabilities that could let threat actors carry out unauthorised actions, according to research by the Israeli cloud-native application security testing company Oxeye.

Go, also known as Golang, is an open source programming language created for the large-scale development of dependable and effective software. Some of the biggest companies in the world use Go, which is backed by Google, to build cloud-native applications, including those for Kubernetes.

Researchers from Oxeye have examined Go-based cloud-native applications and identified an edge case that may have significant ramifications. They have named the problem ParseThru, and it has to do with unsafe URL parsing. Go accepted semicolons as a valid delimiter in the query portion of a URL up until version 1.17.

Read More: Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue

For more such updates follow us on Google News ITsecuritywire News