pkg:golang/net/http
Type
golang
Namespace
net
Name
http
Known advisories, vulnerabilities and fixes for net/http package.
- Repository
- https://pkg.go.dev/net/http
Critical
1
High
9
Medium
6
None
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 1.4.2, < 1.4.3 |
CVE-2015-5739
CVE-2015-5740 CVE-2015-5741 |
GO-2021-0159 | Request smuggling due to improper header parsing in net/http | critical |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.4.3 |
CVE-2015-5739
CVE-2015-5740 CVE-2015-5741 |
GO-2021-0159 | Request smuggling due to improper header parsing in net/http | critical |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.14.4, < 1.13.13 >= 1.14.4, < 1.14.5 |
CVE-2020-15586
|
GO-2021-0224 | Data race and crash in net/http | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.13.13 = 1.14.5 |
CVE-2020-15586
|
GO-2021-0224 | Data race and crash in net/http | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.16.3, < 1.15.12 >= 1.16.3, < 1.16.4 |
CVE-2021-31525
|
GO-2022-0236 | Panic due to large headers in net/http and golang.org/x/net/http/httpguts | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.15.12 = 1.16.4 |
CVE-2021-31525
|
GO-2022-0236 | Panic due to large headers in net/http and golang.org/x/net/http/httpguts | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.17.4, < 1.16.12 >= 1.17.4, < 1.17.5 |
CVE-2021-44716
|
GO-2022-0288 | Unbounded memory growth in net/http and golang.org/x/net/http2 | high |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.16.12 = 1.17.5 |
CVE-2021-44716
|
GO-2022-0288 | Unbounded memory growth in net/http and golang.org/x/net/http2 | high |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.18.3, < 1.17.12 >= 1.18.3, < 1.18.4 |
CVE-2022-32148
|
GO-2022-0520 | Exposure of client IP addresses in net/http | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.17.12 = 1.18.4 |
CVE-2022-32148
|
GO-2022-0520 | Exposure of client IP addresses in net/http | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.18.3, < 1.17.12 >= 1.18.3, < 1.18.4 |
CVE-2022-1705
|
GO-2022-0525 | Improper sanitization of Transfer-Encoding headers in net/http | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.17.12 = 1.18.4 |
CVE-2022-1705
|
GO-2022-0525 | Improper sanitization of Transfer-Encoding headers in net/http | medium |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.12.7, < 1.11.13 >= 1.12.7, < 1.12.8 |
CVE-2019-9512
CVE-2019-9514 |
GO-2022-0536 | Reset flood in net/http and golang.org/x/net/http | high |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.11.13 = 1.12.8 |
CVE-2019-9512
CVE-2019-9514 |
GO-2022-0536 | Reset flood in net/http and golang.org/x/net/http | high |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.6.2, < 1.6.3 |
CVE-2016-5386
|
GO-2022-0761 | Improper input validation in net/http and net/http/cgi | high |
2022-08-12T17:19:52
(2 years ago) |
|
Fixed | = 1.6.3 |
CVE-2016-5386
|
GO-2022-0761 | Improper input validation in net/http and net/http/cgi | high |
2022-08-12T17:19:52
(2 years ago) |
|
Affected | >= 1.19.0, < 1.18.6 >= 1.19.0, < 1.19.1 |
CVE-2022-27664
|
GO-2022-0969 | Denial of service in net/http and golang.org/x/net/http2 | high |
2022-09-12T18:23:01
(2 years ago) |
|
Fixed | = 1.18.6 = 1.19.1 |
CVE-2022-27664
|
GO-2022-0969 | Denial of service in net/http and golang.org/x/net/http2 | high |
2022-09-12T18:23:01
(2 years ago) |
|
Affected | >= 1.19.3, < 1.18.9 >= 1.19.3, < 1.19.4 |
CVE-2022-41720
|
GO-2022-1143 | Restricted file access on Windows in os and net/http | high |
2022-12-06T22:56:59
(21 months ago) |
|
Fixed | = 1.18.9 = 1.19.4 |
CVE-2022-41720
|
GO-2022-1143 | Restricted file access on Windows in os and net/http | high |
2022-12-06T22:56:59
(21 months ago) |
|
Affected | >= 1.19.3, < 1.18.9 >= 1.19.3, < 1.19.4 |
CVE-2022-41717
|
GO-2022-1144 | Excessive memory growth in net/http and golang.org/x/net/http2 | medium |
2022-12-08T17:16:22
(21 months ago) |
|
Fixed | = 1.18.9 = 1.19.4 |
CVE-2022-41717
|
GO-2022-1144 | Excessive memory growth in net/http and golang.org/x/net/http2 | medium |
2022-12-08T17:16:22
(21 months ago) |
|
Affected | >= 1.20.0, < 1.19.6 >= 1.20.0, < 1.20.1 |
CVE-2022-41723
|
GO-2023-1571 | Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net | high |
2023-02-16T21:43:34
(19 months ago) |
|
Fixed | = 1.19.6 = 1.20.1 |
CVE-2022-41723
|
GO-2023-1571 | Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net | high |
2023-02-16T21:43:34
(19 months ago) |
|
Affected | >= 1.20.5, < 1.19.11 >= 1.20.5, < 1.20.6 |
CVE-2023-29406
|
GO-2023-1878 | Insufficient sanitization of Host header in net/http | medium |
2023-07-11T18:17:43
(14 months ago) |
|
Fixed | = 1.19.11 = 1.20.6 |
CVE-2023-29406
|
GO-2023-1878 | Insufficient sanitization of Host header in net/http | medium |
2023-07-11T18:17:43
(14 months ago) |
|
Affected | >= 1.21.2, < 1.20.10 >= 1.21.2, < 1.21.3 |
CVE-2023-39325
|
GO-2023-2102 | HTTP/2 rapid reset can cause excessive work in net/http | high |
2023-10-10T19:15:38
(11 months ago) |
|
Fixed | = 1.20.10 = 1.21.3 |
CVE-2023-39325
|
GO-2023-2102 | HTTP/2 rapid reset can cause excessive work in net/http | high |
2023-10-10T19:15:38
(11 months ago) |
|
Affected | >= 1.22.0, < 1.21.8 >= 1.22.0, < 1.22.1 |
CVE-2023-45289
|
GO-2024-2600 | Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http |
2024-03-05T21:34:02
(6 months ago) |
||
Fixed | = 1.21.8 = 1.22.1 |
CVE-2023-45289
|
GO-2024-2600 | Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http |
2024-03-05T21:34:02
(6 months ago) |
||
Affected | >= 1.22.1, < 1.21.9 >= 1.22.1, < 1.22.2 |
CVE-2023-45288
|
GO-2024-2687 | HTTP/2 CONTINUATION flood in net/http | high |
2024-04-03T17:40:45
(5 months ago) |
|
Fixed | = 1.21.9 = 1.22.2 |
CVE-2023-45288
|
GO-2024-2687 | HTTP/2 CONTINUATION flood in net/http | high |
2024-04-03T17:40:45
(5 months ago) |
|
Affected | >= 1.22.4, < 1.21.12 >= 1.22.4, < 1.22.5 |
CVE-2024-24791
|
GO-2024-2963 | Denial of service due to improper 100-continue handling in net/http | high |
2024-07-02T19:59:20
(2 months ago) |
|
Fixed | = 1.21.12 = 1.22.5 |
CVE-2024-24791
|
GO-2024-2963 | Denial of service due to improper 100-continue handling in net/http | high |
2024-07-02T19:59:20
(2 months ago) |