CVE-2021-33195
CVSS v3.1
7.3 (High)
CVSS v2.0
7.5 (High)
EPSS
1.01 % (84th)
Affected Products
2
Advisories
20
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Weaknesses
- CWE-74
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2021-08-02 19:15:08
(3 years ago) - Updated Date
-
2022-09-14 21:11:53
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...