CVE-2021-33194 (High) detected in github.com/golang/net-f5e5bdd778241bfefa8627f7124c39cd6ad8d74f, github.com/golang/net-161cd47e91fd58ac17490ef4d742dc98bb4cf60e

[mend-bolt-for-github[bot]]

CVE-2021-33194 - High Severity Vulnerability

Vulnerable Libraries - github.com/golang/net-f5e5bdd778241bfefa8627f7124c39cd6ad8d74f, github.com/golang/net-161cd47e91fd58ac17490ef4d742dc98bb4cf60e

github.com/golang/net-f5e5bdd778241bfefa8627f7124c39cd6ad8d74f

[mirror] Go supplementary network libraries

Dependency Hierarchy: - :x: **github.com/golang/net-f5e5bdd778241bfefa8627f7124c39cd6ad8d74f** (Vulnerable Library)

github.com/golang/net-161cd47e91fd58ac17490ef4d742dc98bb4cf60e

[mirror] Go supplementary network libraries

Dependency Hierarchy: - :x: **github.com/golang/net-161cd47e91fd58ac17490ef4d742dc98bb4cf60e** (Vulnerable Library)

Found in HEAD commit: 975ea99358eaa6f34b7c8c0c0dce2a0a92a39da5

Vulnerability Details

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

Publish Date: 2021-05-26

URL: CVE-2021-33194

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33194

Release Date: 2021-05-26

Fix Resolution: golang.org/x/net - v0.0.0-20210520170846-37e1c6afe023

---

Step up your Open Source Security Game with Mend here