blob: 3c834087c1d945b0a246f61d12c73b4bb875a634 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2024-2600",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-45289"
],
"summary": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http",
"details": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not.\n\nA maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"affected": [
{
"package": {
"name": "stdlib",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.8"
},
{
"introduced": "1.22.0-0"
},
{
"fixed": "1.22.1"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "net/http",
"symbols": [
"Client.Do",
"Client.Get",
"Client.Head",
"Client.Post",
"Client.PostForm",
"Get",
"Head",
"Post",
"PostForm",
"isDomainOrSubdomain"
]
},
{
"path": "net/http/cookiejar",
"symbols": [
"Jar.Cookies",
"Jar.SetCookies",
"isIP"
]
}
]
}
}
],
"references": [
{
"type": "REPORT",
"url": "https://go.dev/issue/65065"
},
{
"type": "FIX",
"url": "https://go.dev/cl/569340"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
}
],
"credits": [
{
"name": "Juho Nurminen of Mattermost"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2600",
"review_status": "REVIEWED"
}
}