1. Home
  2. Security Advisories
  3. Alpine Linux
  4. ALPINE:CVE-2023-45289

[ALPINE:CVE-2023-45289] go vulnerability

Affected Packages 7
Fixed Packages 7
CVEs 1
Info Packages Vulnerabilities

[From CVE-2023-45289] When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

Package Affected Version
pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.19 < 1.21.8-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-3.19 < 1.21.8-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-3.19 < 1.21.8-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.19 < 1.21.8-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-3.19 < 1.21.8-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-3.19 < 1.21.8-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.19 < 1.21.8-r0
Package Fixed Version
pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.19 = 1.21.8-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-3.19 = 1.21.8-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-3.19 = 1.21.8-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.19 = 1.21.8-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-3.19 = 1.21.8-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-3.19 = 1.21.8-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.19 = 1.21.8-r0
ID
ALPINE:CVE-2023-45289
URL
https://security.alpinelinux.org/vuln/CVE-2023-45289
Published
2024-03-05T23:15:07
(6 months ago)
Modified
2024-03-05T23:15:07
(6 months ago)
Rights
Alpine Linux Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Fixed pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 x86_64
Affected pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 x86_64
Fixed pkg:apk/alpine/go?arch=x86&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 x86
Affected pkg:apk/alpine/go?arch=x86&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 x86
Fixed pkg:apk/alpine/go?arch=s390x&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 s390x
Affected pkg:apk/alpine/go?arch=s390x&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 s390x
Fixed pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 ppc64le
Affected pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 ppc64le
Fixed pkg:apk/alpine/go?arch=armv7&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 armv7
Affected pkg:apk/alpine/go?arch=armv7&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 armv7
Fixed pkg:apk/alpine/go?arch=armhf&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 armhf
Affected pkg:apk/alpine/go?arch=armhf&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 armhf
Fixed pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.19 alpine go = 1.21.8-r0 alpine-3.19 aarch64
Affected pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.19 alpine go < 1.21.8-r0 alpine-3.19 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date