Vulnerability Report: GO-2022-1113

CVE-2022-39383, GHSA-m5xf-x7q6-3rm7
Affects: github.com/oam-dev/kubevela
Published: Dec 07, 2022
Modified: May 20, 2024

When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability.

For detailed information about this vulnerability, visit https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7.

Affected Packages

Path

Go Versions

Symbols
github.com/oam-dev/kubevela/pkg/utils/common

before v1.5.8, from v1.6.0 before v1.6.1
- HTTPGetResponse

Aliases

CVE-2022-39383
GHSA-m5xf-x7q6-3rm7

References

https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7
https://github.com/kubevela/kubevela/pull/5000
https://vuln.go.dev/ID/GO-2022-1113.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL