VulnerableCode Package Details - pkg:rpm/redhat/prometheus-config-reloader-container@4.8.0-202107291502.p0.git.9d679a1.assembly?arch=stream

Search for packages

Vulnerability	Summary	Fixed by
VCID-b1t1-32t4-aaaf Aliases: CVE-2021-33195	Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.	There are no reported fixed by versions.
VCID-gfdc-2q2q-aaak Aliases: CVE-2021-34558	The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.	There are no reported fixed by versions.
VCID-mtfq-ngz6-aaad Aliases: CVE-2021-31525 GHSA-h86h-8ppg-mxmh	net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.	There are no reported fixed by versions.
VCID-qggy-g6kz-aaaj Aliases: CVE-2021-33198	In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.	There are no reported fixed by versions.
VCID-tdq5-pwwt-aaan Aliases: CVE-2021-33197	In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-b1t1-32t4-aaaf
Aliases:
CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.