CVE-2021-4236

CVSS V2 None CVSS V3 None
Description
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
Overview
  • CVE ID
  • CVE-2021-4236
  • Assigner
  • security@golang.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-27T22:15:12
  • Last Modified Date
  • 2023-01-05T04:48:44
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:web_project:web:*:*:*:*:*:go:*:* 1 OR 1.4.0 1.5.2
History
Created Old Value New Value Data Type Notes
2022-12-27 23:14:59 Added to TrackCVE
2022-12-27 23:15:00 Weakness Enumeration new
2022-12-28 12:14:49 2022-12-28T10:18:56 CVE Modified Date updated
2022-12-28 12:14:49 Received Awaiting Analysis Vulnerability Status updated
2023-01-04 16:17:16 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-05 05:15:21 2023-01-05T04:48:44 CVE Modified Date updated
2023-01-05 05:15:21 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-05 05:15:24 Weakness Enumeration update
2023-01-05 05:15:25 CPE Information updated