CVE-2019-12159

GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.
Source: NIST
CVE-2019-12159