CVE-2023-29406
CVSS v3.1
6.5 (Medium)
EPSS
0.12 % (47th)
Affected Products
1
Advisories
41
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Weaknesses
- CWE-436
- Interpretation Conflict
- CVE Status
- PUBLISHED
- CNA
- Go Project
- Published Date
-
2023-07-11 20:15:10
(14 months ago) - Updated Date
-
2023-11-25 11:15:14
(9 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...