http-add-on
CVE-2022-1996 (High) detected in github.com/emicklei/go-restful-v2.9.5
CVE-2022-1996 - High Severity Vulnerability
Vulnerable Library - github.com/emicklei/go-restful-v2.9.5
package for building REST-style Web Services using Go
Dependency Hierarchy:
- k8s.io/client-go-v0.24.3 (Root Library)
  - github.com/kubernetes/kube-openapi-3ee0da9b0b4211c407396d9c233b38b77ce19773
    - :x: github.com/emicklei/go-restful-v2.9.5 (Vulnerable Library)
Found in HEAD commit: b3ce0e4e67ba887b24b523419d6a48bc2641d1ce
Found in base branch: main
Vulnerability Details
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
Publish Date: 2022-06-08
URL: CVE-2022-1996
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1996
Release Date: 2022-06-08
Fix Resolution: v3.8.0