[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-33197":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":229,"aliases":239,"duplicate_of":9,"upstream":242,"downstream":243,"duplicates":296,"related":297,"reserved_at":9,"published_at":306,"modified_at":307,"state":308,"summary":309,"references_raw":317,"kevs":352,"epss":353,"epss_history":356,"metrics":624,"affected":635},"CVE-2021-33197","In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-862","Missing Authorization","The product does not perform an authorization check when an actor attempts to access a resource or perform an action.","weakness","Incomplete","Class","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[24,61,101],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1211","Exploitation for Stealth",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0005","Stealth",[35,40,44,48,53,57],{"id":36,"name":37,"tactic":38},"D3-MBT","Memory Boundary Tracking",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-PCSV","Process Code Segment Verification",{"name":39},{"id":45,"name":46,"tactic":47},"D3-SSC","Shadow Stack Comparisons",{"name":39},{"id":49,"name":50,"tactic":51},"D3-PSEP","Process Segment Execution Prevention",{"name":52},"Harden",{"id":54,"name":55,"tactic":56},"D3-SAOR","Segment Address Offset Randomization",{"name":52},{"id":58,"name":59,"tactic":60},"D3-SFCV","Stack Frame Canary Validation",{"name":52},{"id":62,"name":63,"tactics":64,"countermeasures":70},"T1542.002","Component Firmware",[65,66,67],{"id":29,"name":30},{"id":32,"name":33},{"id":68,"name":69},"TA0110","Persistence",[71,76,80,84,88,92,96],{"id":72,"name":73,"tactic":74},"D3-SWI","Software Inventory",{"name":75},"Model",{"id":77,"name":78,"tactic":79},"D3-AVE","Asset Vulnerability Enumeration",{"name":75},{"id":81,"name":82,"tactic":83},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":39},{"id":85,"name":86,"tactic":87},"D3-FV","Firmware Verification",{"name":39},{"id":89,"name":90,"tactic":91},"D3-FBA","Firmware Behavior Analysis",{"name":39},{"id":93,"name":94,"tactic":95},"D3-SU","Software Update",{"name":52},{"id":97,"name":98,"tactic":99},"D3-RS","Restore Software",{"name":100},"Restore",{"id":102,"name":103,"tactics":104,"countermeasures":113},"T1556","Modify Authentication Process",[105,106,109,110],{"id":29,"name":30},{"id":107,"name":108},"TA0112","Defense Impairment",{"id":68,"name":69},{"id":111,"name":112},"TA0031","Credential Access",[114,118,122,126,130,134,138,142,146,150,155,159,163,167,171,176,180,184,188,193,197,201,205,209,213,217,221,225],{"id":115,"name":116,"tactic":117},"D3-CI","Configuration Inventory",{"name":75},{"id":119,"name":120,"tactic":121},"D3-NTPM","Network Traffic Policy Mapping",{"name":75},{"id":123,"name":124,"tactic":125},"D3-AM","Access Modeling",{"name":75},{"id":127,"name":128,"tactic":129},"D3-FA","File Analysis",{"name":39},{"id":131,"name":132,"tactic":133},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":135,"name":136,"tactic":137},"D3-PLA","Process Lineage Analysis",{"name":39},{"id":139,"name":140,"tactic":141},"D3-PSMD","Process Self-Modification Detection",{"name":39},{"id":143,"name":144,"tactic":145},"D3-PSA","Process Spawn Analysis",{"name":39},{"id":147,"name":148,"tactic":149},"D3-SFA","System File Analysis",{"name":39},{"id":151,"name":152,"tactic":153},"D3-FEV","File Eviction",{"name":154},"Evict",{"id":156,"name":157,"tactic":158},"D3-PT","Process Termination",{"name":154},{"id":160,"name":161,"tactic":162},"D3-PS","Process Suspension",{"name":154},{"id":164,"name":165,"tactic":166},"D3-HR","Host Reboot",{"name":154},{"id":168,"name":169,"tactic":170},"D3-HS","Host Shutdown",{"name":154},{"id":172,"name":173,"tactic":174},"D3-DF","Decoy File",{"name":175},"Deceive",{"id":177,"name":178,"tactic":179},"D3-FE","File Encryption",{"name":52},{"id":181,"name":182,"tactic":183},"D3-RF","Restore File",{"name":100},{"id":185,"name":186,"tactic":187},"D3-RC","Restore Configuration",{"name":100},{"id":189,"name":190,"tactic":191},"D3-CF","Content Filtering",{"name":192},"Isolate",{"id":194,"name":195,"tactic":196},"D3-LFP","Local File Permissions",{"name":192},{"id":198,"name":199,"tactic":200},"D3-RFAM","Remote File Access Mediation",{"name":192},{"id":202,"name":203,"tactic":204},"D3-CQ","Content Quarantine",{"name":192},{"id":206,"name":207,"tactic":208},"D3-CM","Content Modification",{"name":192},{"id":210,"name":211,"tactic":212},"D3-KBPI","Kernel-based Process Isolation",{"name":192},{"id":214,"name":215,"tactic":216},"D3-SCF","System Call Filtering",{"name":192},{"id":218,"name":219,"tactic":220},"D3-HBPI","Hardware-based Process Isolation",{"name":192},{"id":222,"name":223,"tactic":224},"D3-ABPI","Application-based Process Isolation",{"name":192},{"id":226,"name":227,"tactic":228},"D3-WSAM","Web Session Access Mediation",{"name":192},[230],{"_key":231,"name":232,"source":233,"url":234,"maturity":235,"reliability_score":236,"verified":237,"type":9,"platforms":238,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_EDC69D4B4FD01455","Exploit Reference (groups.google.com)","reference","https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI","unknown",0.2,false,[],[240,241],"GO-2021-0241","BIT-golang-2021-33197",[],[244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294],{"_key":245},"UBUNTU-CVE-2021-33197",{"_key":247},"SUSE-SU-2021:2186-1",{"_key":249},"SUSE-SU-2021:2214-1",{"_key":251},"OPENSUSE-SU-2021:0950-1",{"_key":253},"OPENSUSE-SU-2021:2186-1",{"_key":255},"OPENSUSE-SU-2021:2214-1",{"_key":257},"OPENSUSE-SU-2024:10808-1",{"_key":259},"OPENSUSE-SU-2024:10809-1",{"_key":261},"RHBA-2021:2979",{"_key":263},"RHSA-2021:4226",{"_key":265},"MGASA-2021-0369",{"_key":267},"DEBIAN-CVE-2021-33197",{"_key":269},"RHSA-2021:2984",{"_key":271},"RHSA-2021:3009",{"_key":273},"RHSA-2021:3248",{"_key":275},"RHSA-2021:3431",{"_key":277},"RHSA-2021:3487",{"_key":279},"RHSA-2021:3555",{"_key":281},"RHSA-2021:3820",{"_key":283},"RHSA-2021:4156",{"_key":285},"RHSA-2021:5072",{"_key":287},"RHSA-2021:5085",{"_key":289},"RHSA-2022:1329",{"_key":291},"RHSA-2022:1402",{"_key":293},"RHSA-2022:7954",{"_key":295},"RHSA-2022:8008",[],[298,299,300,301,302,303,304,305],{"_key":247},{"_key":249},{"_key":251},{"_key":253},{"_key":255},{"_key":257},{"_key":259},{"_key":265},"2021-08-02T18:54:45.000Z","2024-08-03T23:42:20.296Z","Modified",{"cisa_kev":237,"cisa_ransomware":237,"cisa_vendor":9,"epss_severity":310,"epss_score":311,"severity":312,"severity_score":313,"severity_version":314,"severity_source":315,"severity_vector":316,"severity_status":308},"low",0.00039,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[318,325,332,338,343,347],{"url":319,"sources":320,"tags":322},"https://groups.google.com/g/golang-announce",[321,315],"cve.org",[323,324],"X Refsource MISC","Third Party Advisory",{"url":234,"sources":326,"tags":328},[321,315,327],"osv_go",[323,329,330,324,331],"Exploit","Patch","WEB",{"url":333,"sources":334,"tags":335},"https://security.gentoo.org/glsa/202208-02",[321,315],[336,337,324],"Vendor Advisory","X Refsource GENTOO",{"url":339,"sources":340,"tags":341},"https://go.dev/cl/321929",[327],[342],"FIX",{"url":344,"sources":345,"tags":346},"https://go.googlesource.com/go/+/950fa11c4cb01a145bb07eeb167d90a1846061b3",[327],[342],{"url":348,"sources":349,"tags":350},"https://go.dev/issue/46313",[327],[351],"REPORT",[],{"date":354,"score":311,"percentile":355},"2026-06-04",0.12118,[357,361,364,367,370,373,376,379,382,385,388,391,394,397,400,404,407,410,413,416,419,422,425,428,431,434,437,440,443,446,449,451,453,456,460,463,466,469,472,475,478,481,484,487,489,492,495,498,501,504,507,510,513,516,519,522,525,528,530,533,536,539,542,545,548,551,554,557,560,563,565,568,570,573,576,579,582,584,588,591,594,597,600,603,605,608,612,615,618,621],{"date":358,"score":359,"percentile":360},"2025-11-04",0.00037,0.10503,{"date":362,"score":359,"percentile":363},"2025-11-05",0.1053,{"date":365,"score":359,"percentile":366},"2025-11-06",0.10639,{"date":368,"score":359,"percentile":369},"2025-11-07",0.10662,{"date":371,"score":359,"percentile":372},"2025-11-08",0.10668,{"date":374,"score":359,"percentile":375},"2025-11-09",0.10629,{"date":377,"score":359,"percentile":378},"2025-11-10",0.1059,{"date":380,"score":359,"percentile":381},"2025-11-11",0.10602,{"date":383,"score":359,"percentile":384},"2025-11-12",0.10635,{"date":386,"score":359,"percentile":387},"2025-11-13",0.1067,{"date":389,"score":359,"percentile":390},"2025-11-14",0.10677,{"date":392,"score":359,"percentile":393},"2025-11-15",0.10674,{"date":395,"score":359,"percentile":396},"2025-11-16",0.10673,{"date":398,"score":359,"percentile":399},"2025-11-17",0.10656,{"date":401,"score":402,"percentile":403},"2025-11-18",0.00251,0.45115,{"date":405,"score":402,"percentile":406},"2025-11-19",0.45123,{"date":408,"score":402,"percentile":409},"2025-11-20",0.4513,{"date":411,"score":359,"percentile":412},"2025-11-21",0.10682,{"date":414,"score":359,"percentile":415},"2025-11-22",0.10687,{"date":417,"score":359,"percentile":418},"2025-11-23",0.10652,{"date":420,"score":359,"percentile":421},"2025-11-24",0.10614,{"date":423,"score":359,"percentile":424},"2025-11-25",0.10617,{"date":426,"score":359,"percentile":427},"2025-11-26",0.10613,{"date":429,"score":359,"percentile":430},"2025-11-27",0.10621,{"date":432,"score":359,"percentile":433},"2025-11-28",0.1061,{"date":435,"score":359,"percentile":436},"2025-11-29",0.10597,{"date":438,"score":359,"percentile":439},"2025-11-30",0.10603,{"date":441,"score":359,"percentile":442},"2025-12-01",0.10645,{"date":444,"score":359,"percentile":445},"2025-12-02",0.10653,{"date":447,"score":359,"percentile":448},"2025-12-03",0.10667,{"date":450,"score":359,"percentile":442},"2025-12-04",{"date":452,"score":359,"percentile":387},"2025-12-05",{"date":454,"score":359,"percentile":455},"2025-12-06",0.1068,{"date":457,"score":458,"percentile":459},"2025-12-07",0.00033,0.08902,{"date":461,"score":458,"percentile":462},"2025-12-08",0.08906,{"date":464,"score":458,"percentile":465},"2025-12-09",0.0895,{"date":467,"score":458,"percentile":468},"2025-12-10",0.09023,{"date":470,"score":458,"percentile":471},"2025-12-11",0.09059,{"date":473,"score":458,"percentile":474},"2025-12-12",0.09079,{"date":476,"score":458,"percentile":477},"2025-12-13",0.09084,{"date":479,"score":458,"percentile":480},"2025-12-14",0.09078,{"date":482,"score":458,"percentile":483},"2025-12-15",0.09005,{"date":485,"score":458,"percentile":486},"2025-12-16",0.0899,{"date":488,"score":458,"percentile":480},"2025-12-17",{"date":490,"score":458,"percentile":491},"2025-12-18",0.09132,{"date":493,"score":458,"percentile":494},"2025-12-19",0.09157,{"date":496,"score":458,"percentile":497},"2025-12-20",0.09151,{"date":499,"score":458,"percentile":500},"2025-12-21",0.0913,{"date":502,"score":458,"percentile":503},"2025-12-22",0.09098,{"date":505,"score":458,"percentile":506},"2025-12-23",0.09082,{"date":508,"score":458,"percentile":509},"2025-12-24",0.09088,{"date":511,"score":458,"percentile":512},"2025-12-25",0.09165,{"date":514,"score":458,"percentile":515},"2025-12-26",0.09154,{"date":517,"score":458,"percentile":518},"2025-12-27",0.09118,{"date":520,"score":458,"percentile":521},"2025-12-28",0.09159,{"date":523,"score":458,"percentile":524},"2025-12-29",0.09126,{"date":526,"score":458,"percentile":527},"2025-12-30",0.09112,{"date":529,"score":458,"percentile":497},"2025-12-31",{"date":531,"score":458,"percentile":532},"2026-01-01",0.09179,{"date":534,"score":458,"percentile":535},"2026-01-02",0.09178,{"date":537,"score":458,"percentile":538},"2026-01-03",0.09168,{"date":540,"score":458,"percentile":541},"2026-01-04",0.09097,{"date":543,"score":458,"percentile":544},"2026-01-05",0.09058,{"date":546,"score":458,"percentile":547},"2026-01-06",0.09041,{"date":549,"score":458,"percentile":550},"2026-01-07",0.09071,{"date":552,"score":458,"percentile":553},"2026-01-08",0.09131,{"date":555,"score":458,"percentile":556},"2026-01-09",0.09147,{"date":558,"score":458,"percentile":559},"2026-01-10",0.09164,{"date":561,"score":458,"percentile":562},"2026-01-11",0.09116,{"date":564,"score":458,"percentile":541},"2026-01-12",{"date":566,"score":458,"percentile":567},"2026-01-13",0.09063,{"date":569,"score":458,"percentile":562},"2026-01-14",{"date":571,"score":458,"percentile":572},"2026-01-15",0.09125,{"date":574,"score":458,"percentile":575},"2026-01-16",0.09167,{"date":577,"score":458,"percentile":578},"2026-01-17",0.09176,{"date":580,"score":458,"percentile":581},"2026-01-18",0.09142,{"date":583,"score":458,"percentile":503},"2026-01-19",{"date":585,"score":586,"percentile":587},"2026-01-20",0.00041,0.12302,{"date":589,"score":586,"percentile":590},"2026-01-21",0.12281,{"date":592,"score":586,"percentile":593},"2026-01-22",0.12263,{"date":595,"score":458,"percentile":596},"2026-01-23",0.09114,{"date":598,"score":458,"percentile":599},"2026-01-24",0.09172,{"date":601,"score":458,"percentile":602},"2026-01-25",0.09095,{"date":604,"score":458,"percentile":471},"2026-01-26",{"date":606,"score":458,"percentile":607},"2026-01-27",0.09044,{"date":609,"score":610,"percentile":611},"2026-01-28",0.00032,0.08678,{"date":613,"score":610,"percentile":614},"2026-01-29",0.0866,{"date":616,"score":610,"percentile":617},"2026-01-30",0.0867,{"date":619,"score":610,"percentile":620},"2026-01-31",0.08687,{"date":622,"score":610,"percentile":623},"2026-02-01",0.08715,[625],{"source":315,"cvss_v2_0":626,"cvss_v3_0":9,"cvss_v3_1":631,"cvss_v4_0":9},{"baseScore":627,"baseSeverity":9,"vectorString":628,"impactScore":629,"exploitabilityScore":630},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":313,"baseSeverity":632,"vectorString":316,"impactScore":633,"exploitabilityScore":634},"MEDIUM",2.3,10,[636,652],{"ecosystem":9,"name":637,"vendor":638,"product":637,"cpe_part":639,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":640},"go","golang","a",[641,647],{"version":642,"is_range":643,"range_type":644,"version_start":9,"version_start_type":9,"version_end":645,"version_end_type":646,"fixed_in":9},"lt1.15.13",true,"cpe","1.15.13","excluding",{"version":648,"is_range":643,"range_type":644,"version_start":649,"version_start_type":650,"version_end":651,"version_end_type":646,"fixed_in":9},"gte1.16.0_lt1.16.5","1.16.0","including","1.16.5",{"ecosystem":653,"name":654,"vendor":653,"product":654,"cpe_part":9,"purl_type":638,"purl_namespace":9,"purl_name":654,"source":9,"versions":655},"Go","stdlib",[656],{"version":657,"is_range":643,"range_type":658,"version_start":659,"version_start_type":650,"version_end":651,"version_end_type":646,"fixed_in":9},"gte1_16_0_0_lt1_16_5","semver","1.16.0-0"]