Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-31028
HistoryJun 07, 2022 - 4:15 p.m.

CVE-2022-31028

2022-06-0716:15:07
Google
osv.dev
8
minio
vulnerability
go-routine
http
connections
upgrade
patch
reverse proxy
malicious clients

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients.

Related

cve 1
veracode 1
cvelist 1
prion 1
osv 1
nvd 1
ibm 1
cve
cve
CVE-2022-31028
2022-06-07 16:15:07
veracode
veracode
Denial Of Service (DoS)
2022-06-08 08:17:14
cvelist
cvelist
CVE-2022-31028 Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO
2022-06-03 14:40:11
prion
prion
Design/Logic Flaw
2022-06-07 16:15:00
osv
osv
BIT-minio-2022-31028
2024-03-06 10:57:16
nvd
nvd
CVE-2022-31028
2022-06-07 16:15:07
ibm
ibm
Security Bulletin: Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028)
2022-09-17 13:44:52

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON
Related for OSV:CVE-2022-31028
cve1veracode1cvelist1prion1osv1nvd1ibm1