Описание
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Migration Toolkit for Applications 6 | mta/mta-hub-rhel8 | Will not fix | ||
| Migration Toolkit for Applications 6 | mta/mta-windup-addon-rhel9 | Will not fix | ||
| Red Hat Ceph Storage 5 | rhceph/rhceph-5-dashboard-rhel8 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prometheus | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prom-label-proxy | Not affected | ||
| Red Hat OpenShift Dev Spaces | devspaces/traefik-rhel8 | Not affected | ||
| Red Hat OpenShift distributed tracing 2 | rhosdt/opentelemetry-rhel8-operator | Affected | ||
| Red Hat OpenShift distributed tracing 2 | rhosdt/tempo-gateway-rhel8 | Affected | ||
| MTA-7.0-RHEL-9 | mta/mta-analyzer-addon-rhel9 | Fixed | RHSA-2024:3316 | 23.05.2024 |
| MTA-7.0-RHEL-9 | mta/mta-hub-rhel9 | Fixed | RHSA-2024:3316 | 23.05.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
A race condition in go-resty can result in HTTP request body disclosur ...
github.com/go-resty/resty/v2 HTTP request body disclosure
EPSS
4.7 Medium
CVSS3