1. Home
  2. Packages
  3. golang
  4. net
  5. http

pkg:golang/net/http

Type golang
Namespace net
Name http

Known advisories, vulnerabilities and fixes for net/http package.

Repository
https://pkg.go.dev/net/http
Critical 1
High 9
Medium 6
None 1
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 1.4.2, < 1.4.3 CVE-2015-5739
CVE-2015-5740
CVE-2015-5741
go GO-2021-0159 Request smuggling due to improper header parsing in net/http critical 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.4.3 CVE-2015-5739
CVE-2015-5740
CVE-2015-5741
go GO-2021-0159 Request smuggling due to improper header parsing in net/http critical 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.14.4, < 1.13.13 >= 1.14.4, < 1.14.5 CVE-2020-15586
go GO-2021-0224 Data race and crash in net/http medium 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.13.13 = 1.14.5 CVE-2020-15586
go GO-2021-0224 Data race and crash in net/http medium 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.16.3, < 1.15.12 >= 1.16.3, < 1.16.4 CVE-2021-31525
go GO-2022-0236 Panic due to large headers in net/http and golang.org/x/net/http/httpguts medium 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.15.12 = 1.16.4 CVE-2021-31525
go GO-2022-0236 Panic due to large headers in net/http and golang.org/x/net/http/httpguts medium 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.17.4, < 1.16.12 >= 1.17.4, < 1.17.5 CVE-2021-44716
go GO-2022-0288 Unbounded memory growth in net/http and golang.org/x/net/http2 high 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.16.12 = 1.17.5 CVE-2021-44716
go GO-2022-0288 Unbounded memory growth in net/http and golang.org/x/net/http2 high 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.18.3, < 1.17.12 >= 1.18.3, < 1.18.4 CVE-2022-32148
go GO-2022-0520 Exposure of client IP addresses in net/http medium 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.17.12 = 1.18.4 CVE-2022-32148
go GO-2022-0520 Exposure of client IP addresses in net/http medium 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.18.3, < 1.17.12 >= 1.18.3, < 1.18.4 CVE-2022-1705
go GO-2022-0525 Improper sanitization of Transfer-Encoding headers in net/http medium 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.17.12 = 1.18.4 CVE-2022-1705
go GO-2022-0525 Improper sanitization of Transfer-Encoding headers in net/http medium 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.12.7, < 1.11.13 >= 1.12.7, < 1.12.8 CVE-2019-9512
CVE-2019-9514
go GO-2022-0536 Reset flood in net/http and golang.org/x/net/http high 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.11.13 = 1.12.8 CVE-2019-9512
CVE-2019-9514
go GO-2022-0536 Reset flood in net/http and golang.org/x/net/http high 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.6.2, < 1.6.3 CVE-2016-5386
go GO-2022-0761 Improper input validation in net/http and net/http/cgi high 2022-08-12T17:19:52
(2 years ago)
Fixed = 1.6.3 CVE-2016-5386
go GO-2022-0761 Improper input validation in net/http and net/http/cgi high 2022-08-12T17:19:52
(2 years ago)
Affected >= 1.19.0, < 1.18.6 >= 1.19.0, < 1.19.1 CVE-2022-27664
go GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2 high 2022-09-12T18:23:01
(2 years ago)
Fixed = 1.18.6 = 1.19.1 CVE-2022-27664
go GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2 high 2022-09-12T18:23:01
(2 years ago)
Affected >= 1.19.3, < 1.18.9 >= 1.19.3, < 1.19.4 CVE-2022-41720
go GO-2022-1143 Restricted file access on Windows in os and net/http high 2022-12-06T22:56:59
(21 months ago)
Fixed = 1.18.9 = 1.19.4 CVE-2022-41720
go GO-2022-1143 Restricted file access on Windows in os and net/http high 2022-12-06T22:56:59
(21 months ago)
Affected >= 1.19.3, < 1.18.9 >= 1.19.3, < 1.19.4 CVE-2022-41717
go GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2 medium 2022-12-08T17:16:22
(21 months ago)
Fixed = 1.18.9 = 1.19.4 CVE-2022-41717
go GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2 medium 2022-12-08T17:16:22
(21 months ago)
Affected >= 1.20.0, < 1.19.6 >= 1.20.0, < 1.20.1 CVE-2022-41723
go GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net high 2023-02-16T21:43:34
(19 months ago)
Fixed = 1.19.6 = 1.20.1 CVE-2022-41723
go GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net high 2023-02-16T21:43:34
(19 months ago)
Affected >= 1.20.5, < 1.19.11 >= 1.20.5, < 1.20.6 CVE-2023-29406
go GO-2023-1878 Insufficient sanitization of Host header in net/http medium 2023-07-11T18:17:43
(14 months ago)
Fixed = 1.19.11 = 1.20.6 CVE-2023-29406
go GO-2023-1878 Insufficient sanitization of Host header in net/http medium 2023-07-11T18:17:43
(14 months ago)
Affected >= 1.21.2, < 1.20.10 >= 1.21.2, < 1.21.3 CVE-2023-39325
go GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http high 2023-10-10T19:15:38
(11 months ago)
Fixed = 1.20.10 = 1.21.3 CVE-2023-39325
go GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http high 2023-10-10T19:15:38
(11 months ago)
Affected >= 1.22.0, < 1.21.8 >= 1.22.0, < 1.22.1 CVE-2023-45289
go GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http 2024-03-05T21:34:02
(6 months ago)
Fixed = 1.21.8 = 1.22.1 CVE-2023-45289
go GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http 2024-03-05T21:34:02
(6 months ago)
Affected >= 1.22.1, < 1.21.9 >= 1.22.1, < 1.22.2 CVE-2023-45288
go GO-2024-2687 HTTP/2 CONTINUATION flood in net/http high 2024-04-03T17:40:45
(5 months ago)
Fixed = 1.21.9 = 1.22.2 CVE-2023-45288
go GO-2024-2687 HTTP/2 CONTINUATION flood in net/http high 2024-04-03T17:40:45
(5 months ago)
Affected >= 1.22.4, < 1.21.12 >= 1.22.4, < 1.22.5 CVE-2024-24791
go GO-2024-2963 Denial of service due to improper 100-continue handling in net/http high 2024-07-02T19:59:20
(2 months ago)
Fixed = 1.21.12 = 1.22.5 CVE-2024-24791
go GO-2024-2963 Denial of service due to improper 100-continue handling in net/http high 2024-07-02T19:59:20
(2 months ago)