CVE-2024-41270: Gorush uses deprecated TLS versions

August 6, 2024 (updated August 7, 2024)

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.

References

gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc
github.com/advisories/GHSA-p3pf-mff8-3h47
github.com/appleboy/gorush
github.com/appleboy/gorush/commit/067cb597e485e40b790a267187bf7f00730b1c4b
github.com/appleboy/gorush/issues/792
nvd.nist.gov/vuln/detail/CVE-2024-41270

Detect and mitigate CVE-2024-41270 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →