Sensitive HTTP Header Leakage in Elastic APM Agent for Go
CVE-2021-22133
2.4LOW
What is CVE-2021-22133?
The Elastic APM Agent for Go prior to version 1.11.0 is vulnerable to information leakage. In scenarios where the application experiences a panic, sensitive HTTP header information may be logged without proper sanitization. This flaw can lead to unauthorized disclosure of sensitive data that the APM agent typically protects. Ensuring your APM agent is updated to version 1.11.0 or later is crucial for maintaining data security.
Affected Version(s)
Elastic APM Agent for Go before 1.11.0