Vulnerability details: VCID-tdq5-pwwt-aaan
Vulnerability ID VCID-tdq5-pwwt-aaan
Aliases CVE-2021-33197
Summary In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2983
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2984
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3009
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3146
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3248
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3361
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3431
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3487
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3555
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3556
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3598
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3759
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3820
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4104
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4156
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4226
rhas Moderate https://access.redhat.com/errata/RHSA-2021:5072
rhas Moderate https://access.redhat.com/errata/RHSA-2021:5085
rhas Moderate https://access.redhat.com/errata/RHSA-2021:5086
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0191
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0577
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0947
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1329
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1402
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33197.json
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2021-33197
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2021-33197
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2021-33197
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2021-33197
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2021-33197
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://groups.google.com/g/golang-announce
generic_textual MODERATE https://groups.google.com/g/golang-announce
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33197
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33197
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33197
archlinux Medium https://security.archlinux.org/AVG-2006
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-02
generic_textual MODERATE https://security.gentoo.org/glsa/202208-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33197.json
https://api.first.org/data/v1/epss?cve=CVE-2021-33197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33197
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
https://security.gentoo.org/glsa/202208-02
ASA-202106-42 https://security.archlinux.org/ASA-202106-42
AVG-2006 https://security.archlinux.org/AVG-2006
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVE-2021-33197 https://nvd.nist.gov/vuln/detail/CVE-2021-33197
RHBA-2021:2979 https://bugzilla.redhat.com/show_bug.cgi?id=1989570
RHSA-2021:2983 https://access.redhat.com/errata/RHSA-2021:2983
RHSA-2021:2984 https://access.redhat.com/errata/RHSA-2021:2984
RHSA-2021:3009 https://access.redhat.com/errata/RHSA-2021:3009
RHSA-2021:3146 https://access.redhat.com/errata/RHSA-2021:3146
RHSA-2021:3229 https://access.redhat.com/errata/RHSA-2021:3229
RHSA-2021:3248 https://access.redhat.com/errata/RHSA-2021:3248
RHSA-2021:3361 https://access.redhat.com/errata/RHSA-2021:3361
RHSA-2021:3431 https://access.redhat.com/errata/RHSA-2021:3431
RHSA-2021:3487 https://access.redhat.com/errata/RHSA-2021:3487
RHSA-2021:3555 https://access.redhat.com/errata/RHSA-2021:3555
RHSA-2021:3556 https://access.redhat.com/errata/RHSA-2021:3556
RHSA-2021:3598 https://access.redhat.com/errata/RHSA-2021:3598
RHSA-2021:3759 https://access.redhat.com/errata/RHSA-2021:3759
RHSA-2021:3820 https://access.redhat.com/errata/RHSA-2021:3820
RHSA-2021:4104 https://access.redhat.com/errata/RHSA-2021:4104
RHSA-2021:4156 https://access.redhat.com/errata/RHSA-2021:4156
RHSA-2021:4226 https://access.redhat.com/errata/RHSA-2021:4226
RHSA-2021:5072 https://access.redhat.com/errata/RHSA-2021:5072
RHSA-2021:5085 https://access.redhat.com/errata/RHSA-2021:5085
RHSA-2021:5086 https://access.redhat.com/errata/RHSA-2021:5086
RHSA-2022:0191 https://access.redhat.com/errata/RHSA-2022:0191
RHSA-2022:0577 https://access.redhat.com/errata/RHSA-2022:0577
RHSA-2022:0947 https://access.redhat.com/errata/RHSA-2022:0947
RHSA-2022:1329 https://access.redhat.com/errata/RHSA-2022:1329
RHSA-2022:1402 https://access.redhat.com/errata/RHSA-2022:1402
RHSA-2022:7954 https://access.redhat.com/errata/RHSA-2022:7954
RHSA-2022:8008 https://access.redhat.com/errata/RHSA-2022:8008
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33197.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/g/golang-announce
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-33197
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-33197
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02
Exploit Prediction Scoring System (EPSS)
Percentile 0.02377
EPSS Score 0.00016
Published At May 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.