Описание
Initial debug-host handler implementation could leak information and facilitate denial of service
Impact
version 1.5.0 and 1.6.0 when using the new debug-host feature could expose unnecessary information about the host
Patches
Use 1.6.1 or newer
Workarounds
Downgrade to 1.4.0 or set debug-host to empty
References
Пакеты
Наименование
fortio.org/proxy
go
Затронутые версииВерсия исправления
>= 1.5.0, < 1.6.1
1.6.1
Дефекты
CWE-200
Дефекты
CWE-200