{
"id" : "CVE-2024-45258" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2024-08-25T22:15:05.233" ,
"lastModified" : "2024-08-26T14:35:08.627" ,
"vulnStatus" : "Awaiting Analysis" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a \"garbage in, garbage out\" design."
} ,
{
"lang" : "es" ,
"value" : "El paquete req anterior a 3.43.4 para Go puede enviar una solicitud no deseada cuando se proporciona una URL con formato incorrecto, porque cleanHost en http.go utiliza intencionalmente un dise\u00f1o de \"basura que entra, basura sale\"."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
}
] ,
"references" : [
{
"url" : "https://github.com/imroc/req/commit/04e3ece5b380ecad9da3551c449f1b8a9aa76d3d" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/imroc/req/compare/v3.43.3...v3.43.4" ,
"source" : "cve@mitre.org"
}
]
}