CVE-2021-33195
CVE Details
Visit the official vulnerability details page for CVE-2021-33195 to learn more.
Initial Publication
01/20/2025
Last Update
10/14/2025
Third Party Dependency
go
NIST CVE Summary
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
CVE Severity
Our Official Summary
This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.
Status
Ongoing
Affected Products & Versions
This CVE is non-impacting as the impacting symbol and/or function is not used in the product
Revision History
| Date | Revision |
|---|---|
| 10/14/2025 | Status changed from Open to Ongoing |