CVE-2019-18923

CVE-2019-18923

EPSS 0.9%

Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cactus/go-camo/blob/505862f7bf14c8b6ff945734d5f3fdcd929e45dd/pkg/camo/proxy.go#L453-L460 https://github.com/cactus/go-camo/security/advisories/GHSA-jg2r-qf99-4wvr