packages:
  - module: std
    package: net/textproto
    symbols:
      - CanonicalMIMEHeaderKey
      - canonicalMIMEHeaderKey
    versions:
      - fixed: 1.4.3
description: |
  The MIME header parser treated spaces and hyphens
  as equivalent, which can permit HTTP request smuggling.
published: 2022-01-05T20:00:00Z
cves:
- CVE-2015-5739
credit: Régis Leroy
links:
  pr: https://go.dev/cl/11772
  commit: https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
  context:
    - https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ