GO-2021-0241 Attacker can drop certain headers in net/http/httputil

ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the ReverseProxy is itself a reverse proxy, this lets an attacker drop arbitrary headers, including those set by the ReverseProxy.Director...

GO-2021-0245 Panic in ReverseProxy in net/http/httputil

ReverseProxy can panic after encountering a problem copying a proxied response body...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-2802)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected ty...

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

CentOS 8 : grafana (CESA-2021:4226)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4226 advisory. - grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call CVE-2021-27358 - golang: crypto/elliptic:...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2710)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : grafana (RHSA-2021:4226)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4226 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have be...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2710)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value...

CentOS 8 : go-toolset:rhel8 (CESA-2021:4156)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4156 advisory. - golang: net: lookup functions may return invalid host names CVE-2021-33195 - golang: net/http/httputil: ReverseProxy forwards connection headers if...

RHEL 8 : go-toolset:rhel8 (RHSA-2021:4156)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4156 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2685)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value...

Medium: golang

Issue Overview: A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. CVE-2021-36221 Affected Packages: golang Issue...

Amazon Linux AMI : golang (ALAS-2021-1527)

The version of golang installed on the remote host is prior to 1.15.14-1.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1527 advisory. A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers i...

Updated golang packages fix security vulnerability

The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort CVE-2021-36221...

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:2787-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2787-1 advisory. - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an...

RHEL 8 : OpenShift Container Platform 4.6.42 (RHSA-2021:3009)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3009 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVE-2020-15586

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort...

CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort...

Race condition

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort...