CVE-2021-33195

CVSS v3.1 7.3 (High)
CVSS v2.0 7.5 (High)
EPSS 1.01 % (84th)

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

Weaknesses
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-08-02 19:15:08
Updated Date
2022-09-14 21:11:53

Affected Products


Configuration #1

  Product                                                    CPE23                From       Up To
  Golang Go prior to version 1.15.13                         cpe:2.3:a:golang:go             < 1.15.13
  Golang Go from version 1.16.0 and prior to version 1.16.5  cpe:2.3:a:golang:go  >= 1.16.0  < 1.16.5

Configuration #2

  Product                               CPE23                                             From  Up To
  Netapp Cloud Insights Telegraf Agent  cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-