85 matches found

RedHat Linux
added 2022/09/06 1:32 p.m. | 51 views

Moderate: Red Hat Security Advisory: Logging Subsystem 5.4.5 Security and Bug Fix Update

Logging Subsystem 5.4.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

7.5 CVSS | 6.7 AI score | 0.00059 EPSS
Exploits: 2 | References: 8

RedHat Linux
added 2022/08/10 11:39 a.m. | 77 views

Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.24.0

Release of OpenShift Serverless Client kn 1.24.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.3 CVSS | 7 AI score | 0.00963 EPSS
Exploits: 6 | References: 22

RedHat Linux
added 2022/08/10 11:39 a.m. | 3 views

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits: 1 | References: 6

CVE
added 2022/08/09 8:18 p.m. | 402 views

CVE-2022-32148

CVE-2022-32148 affects Go’s net/http/httputil ReverseProxy. A nil value in Request.Header for X-Forwarded-For can trigger ReverseProxy.ServeHTTP to set the client IP as the header value, exposing the client IP. Affected component: net/http/httputil ReverseProxy handling. Root cause: improper hand...

6.5 CVSS | 7.4 AI score | 0.00056 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Tenable Nessus
added 2022/08/04 12:0 a.m. | 47 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-5775)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5775 advisory. delve 1.7.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.7.2-1 - Rebase to 1.7.2 - Related: rhbz2014088 golang 1.17.12-1 - Updat...

7.5 CVSS | 7.2 AI score | 0.00155 EPSS
Exploits: 3 | References: 10

Tenable Nessus
added 2022/08/01 12:0 a.m. | 51 views

CentOS 8 : go-toolset:rhel8 (CESA-2022:5775)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5775 advisory. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - golang: go/parser: stack exhaustion in all Parse functions...

7.5 CVSS | 7.3 AI score | 0.00155 EPSS
Exploits: 4 | References: 10

Tenable Nessus
added 2022/08/01 12:0 a.m. | 42 views

RHEL 9 : go-toolset and golang (RHSA-2022:5799)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5799 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go...

7.5 CVSS | 7.4 AI score | 0.00182 EPSS
Exploits: 6 | References: 25

RedhatCVE
added 2022/07/15 10:33 a.m. | 63 views

CVE-2022-32148

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5 CVSS | 2.2 AI score | 0.00056 EPSS
Exploits: 1 | References: 5

IBM Security Bulletins
added 2022/04/22 2:45 p.m. | 33 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33197)

Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, a...

5.3 CVSS | 0.4 AI score | 0.00039 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2022/02/25 12:0 a.m. | 36 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1254)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...

9.8 CVSS | 7.5 AI score | 0.10629 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2022/02/25 12:0 a.m. | 38 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1242)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...

9.8 CVSS | 7.5 AI score | 0.10629 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2022/02/23 12:47 p.m. | 0 views

golang: net/http/httputil: panic due to racy read of persistConn after handler panic

A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability...

5.9 CVSS | 7.1 AI score | 0.00231 EPSS
Exploits: 0 | References: 5

OSV
added 2022/02/17 5:33 p.m. | 27 views

GO-2021-0241 Attacker can drop certain headers in net/http/httputil

ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the ReverseProxy is itself a reverse proxy, this lets an attacker drop arbitrary headers, including those set by the ReverseProxy.Director...

5.3 CVSS | 6.6 AI score | 0.00039 EPSS
Exploits: 1 | References: 4

Snyk
added 2022/02/17 5:32 p.m. | 3 views

Race Condition

Overview std/net/http/httputil is a Go standard library package std/net/http/httputil Affected versions of this package are vulnerable to Race Condition. Go Vulnerability Report: ReverseProxy can panic after encountering a problem copying a proxied response body. Remediation Upgrade...

8.2 CVSS | 6.8 AI score | 0.00231 EPSS
Exploits: 0 | References: 3

OSV
added 2022/02/17 5:32 p.m. | 29 views

GO-2021-0245 Panic in ReverseProxy in net/http/httputil

ReverseProxy can panic after encountering a problem copying a proxied response body...

5.9 CVSS | 6.8 AI score | 0.00231 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2021/12/31 12:0 a.m. | 41 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2930)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected ty...

9.8 CVSS | 7 AI score | 0.10629 EPSS
Exploits: 1 | References: 4

OpenVAS
added 2021/12/26 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2802)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7.2 AI score | 0.10629 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2021/12/25 12:0 a.m. | 50 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-2802)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected ty...

9.8 CVSS | 7 AI score | 0.10629 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2021/11/23 8:45 a.m. | 37 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.19.0

Release of OpenShift Serverless Client kn 1.19.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

5.9 CVSS | 6.8 AI score | 0.00231 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2021/11/11 12:0 a.m. | 44 views

RHEL 8 : grafana (RHSA-2021:4226)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4226 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have be...

7.5 CVSS | 7.2 AI score | 0.92396 EPSS
Exploits: 3 | References: 15