Man-in-the-Middle (MitM) Affecting package, versions <0.8.6

  • Attack Complexity


  • Scope


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    10 Jul 2020

  • disclosed

    8 Jun 2020

  • credit


How to fix?

Upgrade to version 0.8.6 or higher.

Overview is a CNI network plugins, maintained by the containernetworking team.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). A cluster configured to use an affected container networking implementation is susceptible to man-in-the-middle (MitM) attacks. By sending “rogue” router advertisements, a malicious container can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond.