Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP request body disclosure in github.com/go-resty/resty/v2
Vulnerability Description
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Resty 安全漏洞
Vulnerability Description
Resty是Go Resty开源的一个适用于 Go 的简单 HTTP 和 REST 客户端库。 Resty 存在安全漏洞,该漏洞源于存在竞争条件,可能会导致跨请求的HTTP请求正文泄露。
CVSS Information
N/A
Vulnerability Type
N/A