CVE-2024-41270 – github.com/appleboy/gorush

Package

Manager: go
Name: github.com/appleboy/gorush
Vulnerable Version: >=0 <1.18.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00052 pctl0.15904

Details

Gorush uses deprecated TLS versions An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.

Metadata

Created: 2024-08-06T21:30:47Z
Modified: 2024-08-07T14:17:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-p3pf-mff8-3h47/GHSA-p3pf-mff8-3h47.json
CWE IDs: ["CWE-327"]
Alternative ID: GHSA-p3pf-mff8-3h47
Finding: F052
Auto approve: 1