CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Configurations

Configuration 1

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*

Information

Published : 2021-08-02 07:15

Updated : 2022-09-14 09:11


NVD link : CVE-2021-33195

Mitre link : CVE-2021-33195

Products Affected
No products.
CWE