Search for packages
| purl | pkg:rpm/redhat/golang-github-openshift-oauth-proxy-container@4.8.0-202107291502.p0.git.3fc0d89.assembly?arch=stream |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-b1t1-32t4-aaaf
Aliases: CVE-2021-33195 |
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | There are no reported fixed by versions. |
|
VCID-gfdc-2q2q-aaak
Aliases: CVE-2021-34558 |
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | There are no reported fixed by versions. |
|
VCID-mtfq-ngz6-aaad
Aliases: CVE-2021-31525 GHSA-h86h-8ppg-mxmh |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | There are no reported fixed by versions. |
|
VCID-qggy-g6kz-aaaj
Aliases: CVE-2021-33198 |
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | There are no reported fixed by versions. |
|
VCID-tdq5-pwwt-aaan
Aliases: CVE-2021-33197 |
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|