Do your applications use this vulnerable package?
- Snyk ID SNYK-GOLANG-GOETCDIOETCDV3PKGHTTPUTIL-1083905
- published 26 Apr 2018
- disclosed 25 Feb 2018
- credit zelivans
How to fix?
go.etcd.io/etcd/v3/pkg/httputil to version 3.4.0 or higher.
Affected versions of this package are vulnerable to DNS Rebinding. An attacker can control their DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).