CVE-2025-4673

Опубликовано: 11 июн. 2025

Источник: debian

EPSS Низкий

Описание

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.24	fixed	1.24.4-1		package
golang-1.23	fixed	1.23.10-1		package
golang-1.19	removed			package
golang-1.19	no-dsa		bookworm	package
golang-1.15	removed			package
golang-1.15	postponed		bullseye	package

https://github.com/golang/go/issues/73816
Fixed by: https://github.com/golang/go/commit/85897ca220a149333a88b1e4d63f3b751f1141f5 (go1.24.4)
Fixed by: https://github.com/golang/go/commit/b897e97c36cb62629a458bc681723ca733404e32 (go1.23.10)

EPSS

Процентиль: 12%

0.00044

Низкий

CVE-2025-4673

CVSS3: 6.8

ubuntu

2 месяца назад

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

CVE-2025-4673

CVSS3: 6.8

redhat

2 месяца назад

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

CVE-2025-4673

CVSS3: 6.8

nvd

2 месяца назад

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

CVE-2025-4673

CVSS3: 6.8

msrc

около 1 месяца назад

Описание отсутствует

GHSA-62jj-gr2r-5c34

CVSS3: 6.8

github

2 месяца назад

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

EPSS

Процентиль: 12%

0.00044

Низкий