x/vulndb: potential Go vuln in github.com/cactus/go-camo: CVE-2019-14255 #2237

tatianab · 2023-11-08T22:04:14Z

CVE-2019-14255 references github.com/cactus/go-camo, which may be a Go module.

Description:
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints.

References:

NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-14255
advisory: GHSA-xrmp-4542-q746
Imported by: https://pkg.go.dev/github.com/cactus/go-camo?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cactus/go-camo
      vulnerable_at: 1.1.7
      packages:
        - package: n/a
cves:
    - CVE-2019-14255
references:
    - advisory: https://github.com/cactus/go-camo/security/advisories/GHSA-xrmp-4542-q746

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:28:45Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/cactus/go-camo: CVE-2019-14255 #2237

x/vulndb: potential Go vuln in github.com/cactus/go-camo: CVE-2019-14255 #2237

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/cactus/go-camo: CVE-2019-14255 #2237

x/vulndb: potential Go vuln in github.com/cactus/go-camo: CVE-2019-14255 #2237

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023