(CVE-2023-29406) - apk packages yq, vault in 3.18
Hi,
In our security scans, the vulnerability (CVE-2023-29406) shows up for some Alpine 3.18 packages:
Package type: apk
Linux package name: vault-1.13.4-r0
Linux package name: yq-4.33.3-r1
Can we get a fix here? Updated versions of these apks?
BDSA-2023-1774
(CVE-2023-29406)
Published: 2023-07-13 - Modified: 2023-07-13
CVSS v2: 3.7
CVSS v3: 7.5
Description
Golang is vulnerable to HTTP(S) request splitting attacks due to improper data validation of the contents of the Host header in the HTTP/1 client. A remote attacker could exploit this by submitting a maliciously crafted Host header that could inject additional headers or entire requests.
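
For Go code that fills the Host header from untrusted input, an application-side allowlist can reject CR, LF and other out-of-place bytes before the value reaches the HTTP/1 client described above. This is an added example, not part of the original report or of the Go project's code; `CheckHost`, `NewRequestWithHost`, `ErrBadHost` and the sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ErrBadHost marks a Host value that must not be placed in a request.
var ErrBadHost = errors.New("invalid Host header value")

// CheckHost allows only the bytes of host[:port] or [ipv6]:port.
// Everything else (CR, LF, space, control and non-ASCII bytes) is rejected.
func CheckHost(host string) error {
	if host == "" || len(host) > 255 {
		return ErrBadHost
	}
	for i := 0; i < len(host); i++ {
		b := host[i]
		alnum := b >= 'a' && b <= 'z' || b >= 'A' && b <= 'Z' || b >= '0' && b <= '9'
		if !alnum && strings.IndexByte(".-_:[]", b) < 0 {
			return fmt.Errorf("%w: byte %#x at offset %d", ErrBadHost, b, i)
		}
	}
	return nil
}

// NewRequestWithHost (hypothetical helper) builds a GET request and sets
// req.Host, which overrides the Host header sent, only after validation.
func NewRequestWithHost(url, host string) (*http.Request, error) {
	if err := CheckHost(host); err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req.Host = host
	return req, nil
}

func main() {
	// Constructed sample inputs: one ordinary value, one carrying CR/LF.
	for _, h := range []string{"api.example.com:8443", "example.com\r\nX-Injected: 1"} {
		_, err := NewRequestWithHost("http://127.0.0.1/", h)
		fmt.Printf("%q -> %v\n", h, err)
	}
}
```

The check complements, and does not replace, rebuilding the affected packages with a fixed Go toolchain.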