x/vulndb: potential Go vuln in fortio.org/proxy: GHSA-x477-fq37-q5wr #1524

GoVulnBot · 2023-01-27T01:01:32Z

In GitHub Security Advisory GHSA-x477-fq37-q5wr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
fortio.org/proxy	1.6.1	>= 1.5.0, < 1.6.1

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: fortio.org/proxy
    versions:
      - introduced: 1.5.0
        fixed: 1.6.1
    packages:
      - package: fortio.org/proxy
description: |-
    ### Impact
    version 1.5.0 and 1.6.0 when using the new `debug-host` feature could expose unnecessary information about the host

    ### Patches
    Use 1.6.1 or newer

    ### Workarounds
    Downgrade to 1.4.0 or set `debug-host` to empty

    ### References
    https://github.com/fortio/proxy/pull/38

    Q&A https://github.com/fortio/proxy/discussions
ghsas:
  - GHSA-x477-fq37-q5wr

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-02-08T16:31:01Z

Change https://go.dev/cl/466475 mentions this issue: data/excluded: batch add GO-2023-1527, GO-2023-1524, GO-2023-1516, GO-2023-1514, GO-2023-1513, GO-2023-1511, GO-2023-1523, GO-2023-1522, GO-2023-1520, GO-2023-1512

gopherbot · 2024-06-14T17:46:01Z

Change https://go.dev/cl/592759 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:56:48Z

Change https://go.dev/cl/606782 mentions this issue: data/reports: unexclude 20 reports (2)

- data/reports/GO-2023-1512.yaml - data/reports/GO-2023-1520.yaml - data/reports/GO-2023-1524.yaml - data/reports/GO-2023-1527.yaml - data/reports/GO-2023-1533.yaml - data/reports/GO-2023-1541.yaml - data/reports/GO-2023-1542.yaml - data/reports/GO-2023-1543.yaml - data/reports/GO-2023-1544.yaml - data/reports/GO-2023-1550.yaml - data/reports/GO-2023-1551.yaml - data/reports/GO-2023-1552.yaml - data/reports/GO-2023-1553.yaml - data/reports/GO-2023-1554.yaml - data/reports/GO-2023-1555.yaml - data/reports/GO-2023-1560.yaml - data/reports/GO-2023-1577.yaml - data/reports/GO-2023-1581.yaml - data/reports/GO-2023-1582.yaml - data/reports/GO-2023-1583.yaml Updates #1512 Updates #1520 Updates #1524 Updates #1527 Updates #1533 Updates #1541 Updates #1542 Updates #1543 Updates #1544 Updates #1550 Updates #1551 Updates #1552 Updates #1553 Updates #1554 Updates #1555 Updates #1560 Updates #1577 Updates #1581 Updates #1582 Updates #1583 Change-Id: I6a2829acd39b6e598b81e8138e6d126128073198 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606782 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

maceonthompson self-assigned this Feb 6, 2023

maceonthompson added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Feb 6, 2023

gopherbot closed this as completed in 56e812d Feb 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in fortio.org/proxy: GHSA-x477-fq37-q5wr #1524

x/vulndb: potential Go vuln in fortio.org/proxy: GHSA-x477-fq37-q5wr #1524

GoVulnBot commented Jan 27, 2023

gopherbot commented Feb 8, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in fortio.org/proxy: GHSA-x477-fq37-q5wr #1524

x/vulndb: potential Go vuln in fortio.org/proxy: GHSA-x477-fq37-q5wr #1524

Comments

GoVulnBot commented Jan 27, 2023

gopherbot commented Feb 8, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024