Headline

GHSA-h828-v5pv-33qx: coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

1 year ago

ghsa

Open in Source

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
CVE-2022-2837

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

Moderate severity GitHub Reviewed Published Mar 3, 2023 to the GitHub Advisory Database • Updated Mar 6, 2023

Package

gomod github.com/coredns/coredns (Go)

Affected versions

<= 1.9.3

Published by the National Vulnerability Database

Mar 3, 2023

Published to the GitHub Advisory Database

Mar 3, 2023

Related news

CVE-2022-2837: Invalid Bug ID

1 year ago

CVE

Open in Source

ghsa: Latest News

GHSA-7m27-7ghc-44w9: Next.js Allows a Denial of Service (DoS) with Server Actions

2 days ago

ghsa

GHSA-q9jv-mm3r-j47r: PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters

2 days ago

ghsa

GHSA-hwcp-2h35-p66w: PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

2 days ago

ghsa

GHSA-wv23-996v-q229: PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties

2 days ago

ghsa

GHSA-j2xg-cjcx-4677: PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file

2 days ago

ghsa