CVE-2021-33197

Опубликовано: 02 авг. 2021

Источник: debian

EPSS Низкий

Описание

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.16	fixed	1.16.5-1		package
golang-1.15	fixed	1.15.9-5		package
golang-1.11	removed			package
golang-1.11	postponed		buster	package
golang-1.8	removed			package
golang-1.8	postponed		stretch	package
golang-1.7	removed			package
golang-1.7	postponed		stretch	package

Примечания

https://github.com/golang/go/issues/46313
https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)

EPSS

Процентиль: 2%

0.00017

Низкий

Связанные уязвимости

CVE-2021-33197

CVSS3: 5.3

ubuntu

почти 4 года назад

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

CVE-2021-33197

CVSS3: 5.3

redhat

около 4 лет назад

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

CVE-2021-33197

CVSS3: 5.3

nvd

почти 4 года назад

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

CVE-2021-33197

CVSS3: 5.3

msrc

9 месяцев назад

Описание отсутствует

GHSA-wqr7-cf9q-rvf7

CVSS3: 5.3

github

около 3 лет назад

Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended Proxy or Intermediary.

EPSS

Процентиль: 2%

0.00017

Низкий