data/cve/v5/GO-2023-1878.json

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "cveMetadata": {
    "cveId": "CVE-2023-29406"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc"
      },
      "title": "Insufficient sanitization of Host header in net/http",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value."
        }
      ],
      "affected": [
        {
          "vendor": "Go standard library",
          "product": "net/http",
          "collectionURL": "https://pkg.go.dev",
          "packageName": "net/http",
          "versions": [
            {
              "version": "0",
              "lessThan": "1.19.11",
              "status": "affected",
              "versionType": "semver"
            },
            {
              "version": "1.20.0-0",
              "lessThan": "1.20.6",
              "status": "affected",
              "versionType": "semver"
            }
          ],
          "programRoutines": [
            {
              "name": "Request.write"
            },
            {
              "name": "Client.CloseIdleConnections"
            },
            {
              "name": "Client.Do"
            },
            {
              "name": "Client.Get"
            },
            {
              "name": "Client.Head"
            },
            {
              "name": "Client.Post"
            },
            {
              "name": "Client.PostForm"
            },
            {
              "name": "Get"
            },
            {
              "name": "Head"
            },
            {
              "name": "Post"
            },
            {
              "name": "PostForm"
            },
            {
              "name": "Request.Write"
            },
            {
              "name": "Request.WriteProxy"
            },
            {
              "name": "Transport.CancelRequest"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.RoundTrip"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://go.dev/issue/60374"
        },
        {
          "url": "https://go.dev/cl/506996"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1878"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230814-0002/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bartek Nowotarski"
        }
      ]
    }
  }
}