CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*

Information

Published : 2021-08-02 12:15

Updated : 2022-09-14 14:11


NVD link : CVE-2021-33195

Mitre link : CVE-2021-33195


JSON object : View

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Advertisement

dedicated server usa

Products Affected

golang

  • go

netapp

  • cloud_insights_telegraf_agent