Количество 21
Количество 21
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45336
Sensitive headers incorrectly sent after cross-domain redirect in net/http
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain ...
GHSA-7wrw-r4p8-38rx
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
BDU:2025-02667
Уязвимость языка программирования Golang, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к учетным данным
SUSE-SU-2025:0281-1
Security update for go1.22
SUSE-SU-2025:0280-1
Security update for go1.23
ROS-20250212-16
Множественные уязвимости golang
RLSA-2025:7592
Important: yggdrasil security update
ELSA-2025-7592
ELSA-2025-7592: yggdrasil security update (IMPORTANT)
ELSA-2025-3772
ELSA-2025-3772: go-toolset:ol8 security update (MODERATE)
SUSE-SU-2025:1555-1
Security update for go1.22-openssl
RLSA-2025:7466
Moderate: delve and golang security update
ELSA-2025-7466
ELSA-2025-7466: delve and golang security update (MODERATE)
SUSE-SU-2025:0285-1
Security update for go1.24
SUSE-SU-2025:01731-1
Security update for go1.23-openssl
SUSE-SU-2025:03159-1
Security update for go1.23-openssl
SUSE-SU-2025:0429-1
Security update for govulncheck-vulndb
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 5.9 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
| CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain ... | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
| GHSA-7wrw-r4p8-38rx The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | BDU:2025-02667 Уязвимость языка программирования Golang, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к учетным данным | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | SUSE-SU-2025:0281-1 Security update for go1.22 | 9 месяцев назад | ||
| SUSE-SU-2025:0280-1 Security update for go1.23 | 9 месяцев назад | ||
 | ROS-20250212-16 Множественные уязвимости golang | CVSS3: 6.1 | 9 месяцев назад | |
 | RLSA-2025:7592 Important: yggdrasil security update | около 1 месяца назад | ||
| ELSA-2025-7592 ELSA-2025-7592: yggdrasil security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-3772 ELSA-2025-3772: go-toolset:ol8 security update (MODERATE) | 7 месяцев назад | ||
| SUSE-SU-2025:1555-1 Security update for go1.22-openssl | 6 месяцев назад | ||
| RLSA-2025:7466 Moderate: delve and golang security update | около 1 месяца назад | ||
| ELSA-2025-7466 ELSA-2025-7466: delve and golang security update (MODERATE) | 4 месяца назад | ||
| SUSE-SU-2025:0285-1 Security update for go1.24 | 9 месяцев назад | ||
| SUSE-SU-2025:01731-1 Security update for go1.23-openssl | 5 месяцев назад | ||
| SUSE-SU-2025:03159-1 Security update for go1.23-openssl | около 2 месяцев назад | ||
| SUSE-SU-2025:0429-1 Security update for govulncheck-vulndb | 9 месяцев назад |
Уязвимостей на страницу