CVE-2021-33195 - log back

CVE-2021-33195 edited at 04 Jun 2021 07:32:59
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in Go before version 1.16.5. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net, and their respective methods on the Resolver type may return arbitrary values retrieved from DNS which do not follow the established RFC 1035 rules for domain names. If these names are used without further sanitization, for instance unsafely included in HTML, they may allow for injection of unexpected content. Note that LookupTXT may still return arbitrary values that could require sanitization before further use.
References
+ https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI/m/r_EP-NlKBgAJ
+ https://github.com/golang/go/issues/46241
+ https://github.com/golang/go/commit/df6a737cc899507d3090e995abd1e1ed1a30cee3
CVE-2021-33195 created at 04 Jun 2021 07:28:43
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes