Skip to content

Initial debug-host handler implementation could leak information and facilitate denial of service

Moderate severity GitHub Reviewed Published Jan 26, 2023 in fortio/proxy • Updated Jan 27, 2023

Package

gomod fortio.org/proxy (Go)

Affected versions

>= 1.5.0, < 1.6.1

Patched versions

1.6.1

Description

Impact

version 1.5.0 and 1.6.0 when using the new debug-host feature could expose unnecessary information about the host

Patches

Use 1.6.1 or newer

Workarounds

Downgrade to 1.4.0 or set debug-host to empty

References

fortio/proxy#38

Q&A https://github.com/fortio/proxy/discussions

References

@ldemailly ldemailly published to fortio/proxy Jan 26, 2023
Published to the GitHub Advisory Database Jan 27, 2023
Reviewed Jan 27, 2023
Last updated Jan 27, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-x477-fq37-q5wr

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.