Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
References
Link | Resource |
---|---|
https://groups.google.com/g/golang-announce | Third Party Advisory |
https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI | Exploit Patch Third Party Advisory |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210902-0005/ | Third Party Advisory |
Configurations
History
14 Sep 2022, 21:11
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Oct 2021, 12:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210902-0005/ - Third Party Advisory |
02 Sep 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Aug 2021, 18:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://groups.google.com/g/golang-announce - Third Party Advisory | |
References | (MISC) https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI - Exploit, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.3 |
08 Aug 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. |
02 Aug 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-02 19:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-33195
Mitre link : CVE-2021-33195
CVE.ORG link : CVE-2021-33195
JSON object : View
Products Affected
netapp
- cloud_insights_telegraf_agent
golang
- go
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')