Vulnerability Report: GO-2024-2984

CVE-2024-40632
Affects: github.com/linkerd/linkerd2
Published: Jul 22, 2024

Linkerd potential access to the shutdown endpoint in github.com/linkerd/linkerd2

For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40632.

Affected Packages

Path

Go Versions

Custom Versions^*

Symbols
github.com/linkerd/linkerd2/pkg/inject

before v0.5.1-0.20240614165515-35fb2d6d11ef

before edge-24.6.2
1 unexported affected symbols
- applyAnnotationOverrides

^{*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)}

Aliases

CVE-2024-40632

References

https://nvd.nist.gov/vuln/detail/CVE-2024-40632
https://github.com/linkerd/linkerd2/commit/35fb2d6d11ef6520ae516dd717790529f85224fa
https://github.com/linkerd/linkerd2-proxy/blob/46957de49f25fd4661af7b7c52659148f4d6dd27/linkerd/app/admin/src/server.rs
https://github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7
https://vuln.go.dev/ID/GO-2024-2984.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL