Vulnerability Overview Vulnerability Name: Vulnerability ID: #78948 Vulnerability Type: Security Vulnerability Vulnerability Status: Fixed Impact Scope Affected Component: in the package Specific Impact: When the function or function is used to parse query parameters, forwards query parameters exceeding the limit, leading to potential security issues. Remediation Remediation Measure: now avoids forwarding parameters that exceed the limit. Fixed Version: Fixed in subsequent versions of Go. Related Links: - CVE-2026-39823 - Go Official Issue: https://go.dev/dev/issue/78948 POC Code Additional Information Labels: , , Participants: neild, gopherbot, Jah-yee, prattmic, U pull, stefanb Timeline: - 2023-02-02: neild submitted the Issue - 2023-02-02: gopherbot added labels - 2023-02-02: Jah-yee mentioned related Issue - 2023-02-02: prattmic added the label - 2023-02-02: gopherbot closed the Issue - 2023-02-02: U pull added a Commit referencing this Issue - 2023-02-02: gopherbot created a backport Issue - 2023-02-02: gopherbot mentioned related Issue - 2023-02-02: gopherbot added Commits referencing this Issue - 2023-02-02: stefanb mentioned related Pull Request Summary This vulnerability involves the component in the package. When the or functions are used to parse query parameters, it forwards parameters exceeding the limit, causing potential security issues. The remediation involves avoiding the forwarding of parameters that exceed the limit, and this has been fixed in subsequent versions of Go.