Medium severity5.5NVD Advisory· Published Apr 3, 2018· Updated Jun 17, 2026
CVE-2018-1099
CVE-2018-1099
Description
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
go.etcd.io/etcdGo | < 3.4.0 | 3.4.0 |
Affected products
14- osv-coords13 versionspkg:apk/chainguard/dgraphpkg:apk/chainguard/etcd-3.4pkg:apk/chainguard/etcd-3.4-bitnami-compatpkg:apk/chainguard/etcd-3.4-iamguarded-compatpkg:apk/chainguard/etcd-fips-3.4pkg:apk/chainguard/juicefs-1.2pkg:apk/chainguard/juicefs-1.2-compatpkg:apk/chainguard/juicefs-1.3pkg:apk/chainguard/juicefs-1.3-compatpkg:apk/wolfi/dgraphpkg:apk/wolfi/juicefs-1.3pkg:apk/wolfi/juicefs-1.3-compatpkg:golang/go.etcd.io/etcd
< 23.1.0-r6+ 12 more
- (no CPE)range: < 23.1.0-r6
- (no CPE)range: < 3.4.36-r1
- (no CPE)range: < 3.4.36-r1
- (no CPE)range: < 3.4.36-r1
- (no CPE)range: < 3.4.36-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 23.1.0-r6
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.4.0
- Red Hat, Inc./etcdv5Range: 3.3.1 and earlier
Patches
Vulnerability mechanics
References
9- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchVendor AdvisoryWEB
- github.com/coreos/etcd/issues/9353nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-wf43-55jj-vwq8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1099ghsaADVISORY
- github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKSghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/nvd
News mentions
0No linked articles in our index yet.