Security - PRISMA-2022-0227 - High Sev - emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable #521
Comments
@YolandaZhang369369 are you aware that there is a new release
emicklei added a commit that referenced this issue Feb 28, 2023
emicklei added a commit that referenced this issue Aug 5, 2023
* allow multiple samples for Write, issue #514
* update changelog
* chore: example handling request parameters with httpin (#518)
* use path package to join slash fragments #519 (#520)
* update hist
* update example openapi to use 3.10.1
* Add test for client request with and without trailing slash. (#522)
* Add test for client request with and without trailing slash.
* Correction.
* introduce MergePathStrategy
* Revert "introduce MergePathStrategy" This reverts commit 709cf80.
* introduce MergePathStrategy for #521 #519 (#523)
* introduce MergePathStrategy for #521 #519
* update readme, set default to new strategy, add extra test
* link to security issue
* update change hist
* add hello world with TrimSlashStrategy
* two route example
* examples to show differences #519
* more route examples #519
* add examples for issue519 with path in root
* remove obsolete swagger example
* Update README.md remove swagger12 mention
* allow multiple samples for Write, issue #514

---------

Co-authored-by: Ggicci <[email protected]>
Co-authored-by: Gerrit <[email protected]>
See #519 (comment)
fixed in 3.11.0 and v4.0.0 (upcoming)
Description:
github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypasses in a complex system.
Severity:
High
CVE:
PRISMA-2022-0227
Hi there,
The above High Severity issue is blocking our product release. Could you please generate a fix in v3.10.0 as soon as possible, by the end of Feb. 2023? Thanks a lot!
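An added illustration of the kind of path-handling mismatch the description refers to; it is not code from go-restful or from this issue. The two join helpers are hypothetical stand-ins for joining with the path package versus trimming slashes at the seam (the two approaches named in the referenced commit), and the router and guard are assumed models run over constructed sample paths.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// joinWithPathPackage merges root and route with path.Join, which cleans
// the result and therefore drops a trailing slash.
func joinWithPathPackage(root, route string) string { return path.Join(root, route) }

// joinTrimSlash trims slashes only at the seam, so a trailing slash on
// the route survives the merge.
func joinTrimSlash(root, route string) string {
	return strings.TrimRight(root, "/") + "/" + strings.TrimLeft(route, "/")
}

// routerMatches is an assumed router that ignores one trailing slash.
func routerMatches(req, registered string) bool {
	return strings.TrimSuffix(req, "/") == strings.TrimSuffix(registered, "/")
}

// exactGuard is an assumed upstream check that compares raw strings.
func exactGuard(req, protected string) bool { return req == protected }

// normalizedGuard applies the router's normalization before comparing.
func normalizedGuard(req, protected string) bool { return routerMatches(req, protected) }

// disagreements lists request paths the router would serve for the
// protected route while the guard does not recognise them as protected.
func disagreements(protected string, reqs []string, guard func(string, string) bool) []string {
	var out []string
	for _, r := range reqs {
		if routerMatches(r, protected) && !guard(r, protected) {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	// Constructed sample paths, not taken from the issue.
	reqs := []string{"/admin/users", "/admin/users/", "/public"}
	fmt.Println(joinWithPathPackage("/admin", "/users/"))
	fmt.Println(joinTrimSlash("/admin", "/users/"))
	fmt.Println(disagreements("/admin/users", reqs, exactGuard))
	fmt.Println(disagreements("/admin/users", reqs, normalizedGuard))
}
```

An empty result from `disagreements` means the check and the router classify every sampled path the same way; any entry is a path to cover with a regression test.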