Christian Mehlmauer

**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.17.12 Go versions prior to 1.18.4 **Description** The issue is related to the improper exposure of client IP addresses. This can be triggered by calling `httputil.ReverseProxy.ServeHTTP` with a `Request.Header` map containing a nil value for the `X-Forwarded-For` header. As a result, `ReverseProxy` sets the client IP as the value of the `X-Forwarded-For` header, contrary to its documentation. **Recommendations** For Go versions prior to 1.17.12, update to Go 1.17.12 or later to resolve the issue. For Go versions prior to 1.18.4, update to Go 1.18.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of a nil value for the `X-Forwarded-For` header in the `Request.Header` map when calling `httputil.ReverseProxy.ServeHTTP`.

Name of the Vulnerable Software and Affected Versions: Cisco Expressway software (affected versions not specified) Description: A vulnerability in the Traversal Using Relays around NAT (TURN) server component could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The issue is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this by sending specially crafted network traffic to the affected software, potentially allowing them to gain unauthorized network access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.