VDB
CVE-2021-23409
CVE-2021-23409
PUBLISHED
The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
EPSS 0.91% · 76.2th percentile
Risk Scores
EPSS Score
0.91%
76.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | golang-github-pires-go-proxyproto | 0, 0.4.2-1 |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439 (circl)
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0 (circl)
- https://github.com/pires/go-proxyproto/issues/65 (circl)
- https://github.com/pires/go-proxyproto/pull/74 (circl)
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346 (circl)
Timeline
- Jul 21, 2021 CVE Published
- Jul 21, 2021 EPSS Score
- Jul 29, 2021 CVE Updated
- Sep 18, 2021 EPSS Score
- Nov 17, 2021 EPSS Score
- Jan 15, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 16, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 14, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Nov 9, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23409 third-party-advisory
- https://github.com/pires/go-proxyproto/issues/65 third-party-advisory
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439 third-party-advisory
- https://github.com/pires/go-proxyproto/pull/74 third-party-advisory
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346 third-party-advisory
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23409 third-party-advisory