Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-45289

Published: 05/03/2024 Updated: 29/03/2024

Vulnerability Summary

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

Mailing Lists

Full Disclosure: 5 CVEs fixed in Go 1.22.1 and Go 1.21.8, 1 CVE fixed in google.golang.org/protobuf
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> 5 CVEs fixed in Go 1221 and Go 1218, 1 CVE fixed in googlegolangorg/protobuf <!--X-Subject-Header-End--> <!--X-Head-of-M ...

References

https://go.dev/issue/65065https://go.dev/cl/569340https://groups.google.com/g/golang-announce/c/5pwGVUPoMbghttps://pkg.go.dev/vuln/GO-2024-2600https://security.netapp.com/advisory/ntap-20240329-0006/https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/197
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook