A FileSystem Abstraction System for Go
5070 448 91 188

CVE-2022-32149: < 0.3.8 versions before 0.3.8 are vulnerable to CVE-2022-32149:

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

This was flagged in a Whitesource/Mend vulnerability scan. Please update in go.mod to a version equal to or higher than 0.3.8.


  1. From looking at the code, I don't understand why is needed at all. It is only used in util.go in a function NeuterAccents() which is never called...