CVE-2022-32148

Published: 10 Aug 2022
Source: debian

Description

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

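Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| golang-1.19 | fixed | 1.19~rc1-1 | | package |
| golang-1.18 | fixed | 1.18.4-1 | | package |
| golang-1.17 | fixed | 1.17.13-1 | | package |
| golang-1.15 | removed | | | package |
| golang-1.15 | no-dsa | | bullseye | package |
| golang-1.11 | removed | | | package |
| golang-1.11 | postponed | | buster | package |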

Notes

  • https://github.com/golang/go/issues/53423

  • https://github.com/golang/go/commit/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a (go1.19rc1)

  • https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (go1.18.4)

  • https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e (go1.17.12)

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 3 years ago

CVSS3: 6.5
redhat
almost 3 years ago

CVSS3: 6.5
nvd
almost 3 years ago

CVSS3: 6.5
msrc
almost 3 years ago

No description available

CVSS3: 6.5
github
almost 3 years ago