CVE-2024-34068: Go DNS Rebinding SSRF TOCTOU
greprules fetch cve-2024-34068-go-dns-rebinding-ssrf-toctou --engine opengrep
Description
Potential DNS rebinding SSRF (TOCTOU) vulnerability. The code opens a connection to check its `RemoteAddr()` and then explicitly closes it. If the target hostname is later used in a standard HTTP client, a second DNS resolution occurs, allowing an attacker to return a malicious internal IP. To fix this, encapsulate the check inside a custom `DialContext` o
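One way to put the check inside a custom `DialContext`, as an added example that is not code from this rule or from the affected project: the host is resolved once, every answer is validated, and the connection goes to the validated IP literal, so the address that was checked is the address that is used. The names `lookupFunc`, `isInternal`, `pinnedDialContext`, `newSafeClient` and `errBlocked` are hypothetical, and the internal-address policy shown is an assumption to adapt.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

// lookupFunc matches (*net.Resolver).LookupIPAddr; injectable so the check runs offline.
type lookupFunc func(ctx context.Context, host string) ([]net.IPAddr, error)

var errBlocked = errors.New("destination resolves to a non-public address")

// isInternal reports whether ip is an address a server-side fetch must not reach.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// pinnedDialContext resolves the host once, rejects any internal answer, and
// dials the validated IP literal, so no second DNS lookup can change the target.
func pinnedDialContext(lookup lookupFunc) func(context.Context, string, string) (net.Conn, error) {
	d := &net.Dialer{Timeout: 5 * time.Second}
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		addrs, err := lookup(ctx, host)
		if err != nil || len(addrs) == 0 {
			return nil, fmt.Errorf("resolve %q: no usable answer (%v)", host, err)
		}
		for _, a := range addrs {
			if isInternal(a.IP) {
				return nil, fmt.Errorf("%w: %s -> %s", errBlocked, host, a.IP)
			}
		}
		return d.DialContext(ctx, network, net.JoinHostPort(addrs[0].IP.String(), port))
	}
}

func newSafeClient() *http.Client {
	t := &http.Transport{DialContext: pinnedDialContext(net.DefaultResolver.LookupIPAddr)}
	return &http.Client{Transport: t}
}

func main() { _ = newSafeClient() }
```

Because the check runs on every dial, connections opened while following redirects go through it as well.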