Количество 22
Количество 22
GHSA-32ch-6x54-q4h9
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain m ...
BDU:2024-02034
Уязвимость пакета golang операционной системы Debian GNU/Linux, позволяющая нарушителю получить доступ к конфиденциальной информации
RLSA-2024:3346
Important: git-lfs security update
RLSA-2024:2724
Important: git-lfs security update
ELSA-2024-3346
ELSA-2024-3346: git-lfs security update (IMPORTANT)
ELSA-2024-2724
ELSA-2024-2724: git-lfs security update (IMPORTANT)
SUSE-SU-2024:0936-1
Security update for go1.22
SUSE-SU-2024:0812-1
Security update for go1.22
SUSE-SU-2024:0811-1
Security update for go1.21
SUSE-SU-2024:0800-1
Security update for go1.21
ELSA-2024-3259
ELSA-2024-3259: go-toolset:ol8 security update (IMPORTANT)
RLSA-2024:2562
Important: golang security update
ELSA-2024-2562
ELSA-2024-2562: golang security update (IMPORTANT)
ROS-20240422-05
Множественные уязвимости golang
SUSE-SU-2024:3755-1
Security update for go1.21-openssl
SUSE-SU-2024:3089-1
Security update for go1.21-openssl
SUSE-SU-2024:3938-1
Security update for go1.22-openssl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-32ch-6x54-q4h9 When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2023-45289 When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2023-45289 When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2023-45289 When following an HTTP redirect to a domain which is not a subdomain m ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | BDU:2024-02034 Уязвимость пакета golang операционной системы Debian GNU/Linux, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 3.1 | 0% Низкий | больше 1 года назад |
 | RLSA-2024:3346 Important: git-lfs security update | около 1 года назад | ||
| RLSA-2024:2724 Important: git-lfs security update | около 1 года назад | ||
| ELSA-2024-3346 ELSA-2024-3346: git-lfs security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-2724 ELSA-2024-2724: git-lfs security update (IMPORTANT) | около 1 года назад | ||
 | SUSE-SU-2024:0936-1 Security update for go1.22 | больше 1 года назад | ||
| SUSE-SU-2024:0812-1 Security update for go1.22 | больше 1 года назад | ||
| SUSE-SU-2024:0811-1 Security update for go1.21 | больше 1 года назад | ||
| SUSE-SU-2024:0800-1 Security update for go1.21 | больше 1 года назад | ||
| ELSA-2024-3259 ELSA-2024-3259: go-toolset:ol8 security update (IMPORTANT) | около 1 года назад | ||
| RLSA-2024:2562 Important: golang security update | около 1 года назад | ||
| ELSA-2024-2562 ELSA-2024-2562: golang security update (IMPORTANT) | около 1 года назад | ||
 | ROS-20240422-05 Множественные уязвимости golang | CVSS3: 7.5 | около 1 года назад | |
| SUSE-SU-2024:3755-1 Security update for go1.21-openssl | 8 месяцев назад | ||
| SUSE-SU-2024:3089-1 Security update for go1.21-openssl | 10 месяцев назад | ||
| SUSE-SU-2024:3938-1 Security update for go1.22-openssl | 8 месяцев назад |
Уязвимостей на страницу