Vulnerability Details CVE-2021-23409
The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/pires/go-proxyproto/issues/65
- https://github.com/pires/go-proxyproto/pull/74
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
- https://github.com/pires/go-proxyproto/issues/65
- https://github.com/pires/go-proxyproto/pull/74
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
Products affected by CVE-2021-23409
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.1.0
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.1.1
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.1.2
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.1.3
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.2.0
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.3.0
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.3.1
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.3.2
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.3.3
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.4.0
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.4.1
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.4.2
-
cpe:2.3:a:go-proxyproto_project:go-proxyproto:0.5.0