Initial debug-host handler implementation could leak information and facilitate denial of service

Moderate
ldemailly published GHSA-x477-fq37-q5wr Jan 26, 2023

Package

gomod fortio.org/proxy (Go)

Affected versions

1.5.0, 1.6.0

Patched versions

1.6.1

Description

Impact

Versions 1.5.0 and 1.6.0, when using the new debug-host feature, could expose unnecessary information about the host.

Patches

Use 1.6.1 or newer.

Workarounds

Downgrade to 1.4.0, or set debug-host to empty.

References

#38

Q&A https://github.com/fortio/proxy/discussions

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs