GHSA-wf43-55jj-vwq8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wf43-55jj-vwq8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-wf43-55jj-vwq8/GHSA-wf43-55jj-vwq8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wf43-55jj-vwq8
- Aliases
- Related
- Published
- 2022-02-15T01:57:18Z
- Modified
- 2023-11-08T03:59:44.975621Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- DNS Rebinding in etcd
- Details
-
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-20", "CWE-350" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-05-19T22:09:57Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-1099
- https://github.com/coreos/etcd/issues/9353
- https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
- https://bugzilla.redhat.com/show_bug.cgi?id=1552717
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS
Affected packages
Go / go.etcd.io/etcd
Package
- Name
- go.etcd.io/etcd
- View open source insights on deps.dev
- Purl
- pkg:golang/go.etcd.io/etcd