CVE-2021-22133

Description

Sensitive HTTP headers may not be properly sanitized before being sent to the APM server if the program panics.

How to fix CVE-2021-22133

To remediate CVE-2021-22133, upgrade the affected package to a fixed version below.

• Go/go.elastic.co/apm—upgrade to 1.11.0 or later
• Go/go.elastic.co/apm—upgrade to 1.11.0 or later

Is CVE-2021-22133 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.11.0
• from 0, < 1.11.0

CVSS scores

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-22133
• PATCHgithub.com/elastic/apm-agent-go
• WEBdiscuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252
• WEBgithub.com/elastic/apm-agent-go/commit/c5c7e21aa26a6def7790f74fbceed792ad47ef35