PT-2021-6521 · Google+7 · Go+7

Asta Olofsson +1 · Published 2021-02-19 · Updated 2024-06-15 · CVE-2021-33197

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Go versions 1.15.12 and earlier
Go versions 1.16.x before 1.16.5

Description

The issue is in the ReverseProxy component of net/http/httputil in the Go programming language. When ReverseProxy is configured in a certain way, an attacker can drop arbitrary headers, which affects the integrity of data. The vulnerability can be exploited by a remote attacker.

Recommendations

For Go versions 1.15.12 and earlier, update to version 1.15.13 or later. For Go versions 1.16.x before 1.16.5, update to version 1.16.5 or later. As a temporary workaround, consider restricting the use of the ReverseProxy component until a patch is available.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ALSA-2021:4156
ALSA-2021:4226
ALSA-2022:7954
ALSA-2022:8008
ALT-PU-2021-1376
ALT-PU-2021-1936
ALT-PU-2021-1940
ALT-PU-2021-1941
AZL-79094
BDU:2022-01781
BIT-GOLANG-2021-33197
CESA-2021_4156
CESA-2021_4226
CVE-2021-33197
GO-2021-0241
MGASA-2021-0369
OESA-2021-1402
OPENSUSE-SU-2021:0950-1
OPENSUSE-SU-2021:2186-1
OPENSUSE-SU-2021:2214-1
OPENSUSE-SU-2021_0950-1
OPENSUSE-SU-2021_2186-1
OPENSUSE-SU-2021_2214-1
OPENSUSE-SU-2024:10808-1
OPENSUSE-SU-2024:10809-1
RHSA-2021:2984
RHSA-2021:3009
RHSA-2021:3248
RHSA-2021:3431
RHSA-2021:3487
RHSA-2021:3555
RHSA-2021:3820
RHSA-2021:4156
RHSA-2021:4226
RHSA-2021:5072
RHSA-2021:5085
RHSA-2021_4156
RHSA-2021_4226
RHSA-2022:1329
RHSA-2022:1402
RHSA-2022:7954
RHSA-2022:8008
RHSA-2022_7954
RHSA-2022_8008
RLSA-2021:4156
RLSA-2021:4226
SUSE-SU-2021:2186-1
SUSE-SU-2021:2214-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Go
Red Hat
Rocky Linux
Suse