The net module in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how net treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format. This can cause indeterminate Server-Side Request Forgery (SSRF) and Remote File Inclusion (RFI) vulnerabilities in applications relying on net could be vulnerable to the bug. In tests by BleepingComputer, typing 0127.0.0/ in Chrome’s address bar has the browser treating it as an IP in octal format.
Source: https://www.bleepingcomputer.com/news/security/go-rust-net-library-affected-by-critical-ip-address-validation-vulnerability/