Vulnerability Report: GO-2024-2778

CVE-2021-31999, GHSA-pvxj-25m6-7vqr
Affects: github.com/rancher/rancher
Published: Jun 10, 2024
Modified: Jul 09, 2024

Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/rancher/rancher before v2.4.16, from v2.5.0 before v2.5.9.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-pvxj-25m6-7vqr or https://nvd.nist.gov/vuln/detail/CVE-2021-31999.

Affected Packages

Path

Versions

Symbols

Aliases

CVE-2021-31999
GHSA-pvxj-25m6-7vqr

References

https://github.com/advisories/GHSA-pvxj-25m6-7vqr
https://nvd.nist.gov/vuln/detail/CVE-2021-31999
https://bugzilla.suse.com/show_bug.cgi?id=1187084
https://vuln.go.dev/ID/GO-2024-2778.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL