github-actions[bot]
commented
3 months ago Issue still exists.
Open github-actions[bot] opened 3 months ago
github-actions[bot]
commented
3 months ago Issue still exists.
Description
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
MEDIUM Vulnerable Package issue exists @ github.com/miekg/dns in branch master
Vulnerability ID: CVE-2019-19794
Package Name: github.com/miekg/dns
Severity: MEDIUM
CVSS Score: 5.9
Publish Date: 2019-12-13T22:15:00
Current Package Version: v1.0.14
Remediation Upgrade Recommendation: v1.0.14-0.20181012211526-4a9ca7e98d0f
Link To SCA
Reference – NVD link