vulnerability
Red Hat OpenShift: CVE-2021-33195: lookup functions may return invalid host names
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 2, 2021 | Aug 12, 2021 | Mar 30, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 2, 2021
Added
Aug 12, 2021
Modified
Mar 30, 2026
Description
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Solutions
linuxrpm-upgrade-atomic-openshift-service-idlerlinuxrpm-upgrade-butanelinuxrpm-upgrade-containernetworking-pluginslinuxrpm-upgrade-cri-olinuxrpm-upgrade-cri-toolslinuxrpm-upgrade-golang-github-prometheus-promulinuxrpm-upgrade-ignitionlinuxrpm-upgrade-openshiftlinuxrpm-upgrade-openshift-clientslinuxrpm-upgrade-openshift4-wincw-windows-machine-config-rhel8-operatorlinuxrpm-upgrade-redhat-release-coreos
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.