Man-in-the-Middle (MitM) Affecting github.com/remind101/empire package, versions *
Snyk CVSS: Attack Complexity: Low
- Snyk ID SNYK-GOLANG-GITHUBCOMREMIND101EMPIRE-50052
- published 17 Oct 2017
- disclosed 3 Oct 2017
- credit Eric Holmes
How to fix?
A fix was pushed into the master branch but not yet published.
Overview
github.com/remind101/empire is a control layer on top of Amazon EC2 Container Service (ECS) that provides a Heroku-like workflow.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The X-Forwarded-For header was not blacklisted, so it was possible to spoof IP addresses.
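One general way to keep a client-supplied X-Forwarded-For value from being taken as the source address is to read the header only when the TCP peer is a known proxy. The Go sketch below is an added example, not Empire's code or its fix; the names ClientIP, newReq and trustedNet and the 10.0.0.0/8 proxy range are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Constructed example: 10.0.0.0/8 stands in for the load balancer tier.
var _, trustedNet, _ = net.ParseCIDR("10.0.0.0/8")

// ClientIP returns the address to log or authorize against. X-Forwarded-For
// is read only when the TCP peer is a trusted proxy (hypothetical helper).
func ClientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	if peer := net.ParseIP(host); peer == nil || !trustedNet.Contains(peer) {
		return host // direct client: its copy of the header is ignored
	}
	// Our proxies append on the right, so walk right to left past them.
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			break // malformed or missing entry: fall back to the peer
		}
		if !trustedNet.Contains(ip) {
			return ip.String()
		}
	}
	return host
}

// newReq builds a constructed request with the given peer and header values.
func newReq(remoteAddr string, xff ...string) *http.Request {
	r := &http.Request{Header: http.Header{}, RemoteAddr: remoteAddr}
	for _, v := range xff {
		r.Header.Add("X-Forwarded-For", v)
	}
	return r
}

func main() {
	fmt.Println(ClientIP(newReq("203.0.113.9:4000", "10.1.2.3")))              // direct client
	fmt.Println(ClientIP(newReq("10.0.0.5:4000", "192.0.2.1, 198.51.100.7"))) // via proxy
}
```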