{"id":"GO-2024-3058","summary":"Gorush uses deprecated TLS versions in github.com/appleboy/gorush","details":"An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version.","aliases":["CVE-2024-41270","GHSA-p3pf-mff8-3h47"],"modified":"2024-08-19T17:58:40.669353Z","published":"2024-08-19T17:26:34Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-3058"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p3pf-mff8-3h47"},{"type":"FIX","url":"https://github.com/appleboy/gorush/commit/067cb597e485e40b790a267187bf7f00730b1c4b"},{"type":"REPORT","url":"https://github.com/appleboy/gorush/issues/792"},{"type":"WEB","url":"https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc"}],"affected":[{"package":{"name":"github.com/appleboy/gorush","ecosystem":"Go","purl":"pkg:golang/github.com/appleboy/gorush"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.18.5"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/appleboy/gorush/router","symbols":["RunHTTPServer"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3058.json"}}],"schema_version":"1.7.3"}