Security - PRISMA-2022-0227 - High Sev - emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable

Question

Security - PRISMA-2022-0227 - High Sev - emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable

YolandaZhang369369 opened this issue a year ago · comments

Description:
github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system.

Severity:
High

CVE:
PRISMA-2022-0227

Hi There,
The above High Severity issue is blocking our product release, could you please generate fixed in v3.10.0 as soon as possible by end of Feb. 2023? Thanks a lot!

Ernest Micklei · Answer 1 · Thu Feb 09 2023 04:09:47 GMT+0800 (China Standard Time)

@YolandaZhang369369 are you aware that there is a new release v3.10.1 that fixes this issue?

Ernest Micklei · Answer 2 · Sun Aug 13 2023 14:54:58 GMT+0800 (China Standard Time)

See #519 (comment)

Ernest Micklei · Answer 3 · Sat Aug 19 2023 15:19:07 GMT+0800 (China Standard Time)

fixed in 3.11.0 and v4.0.0 (upcoming)