Security - PRISMA-2022-0227 - High Sev - emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable
YolandaZhang369369 opened this issue
Description:
The github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypasses in a complex system.
Severity:
High
CVE:
PRISMA-2022-0227
Hi there,
The above High Severity issue is blocking our product release. Could you please generate a fix in v3.10.0 as soon as possible, by the end of Feb. 2023? Thanks a lot!
@YolandaZhang369369 are you aware that there is a new release v3.10.1 that fixes this issue?
See #519 (comment)
fixed in 3.11.0 and v4.0.0 (upcoming)