[GO-2021-0241] Attacker can drop certain headers in net/http/httputil

Severity: Medium
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

ReverseProxy can be made to forward certain hop-by-hop headers, including
Connection. If the target of the ReverseProxy is itself a reverse proxy, this
lets an attacker drop arbitrary headers, including those set by the
ReverseProxy.Director.

| Package | Affected Version |
|---|---|
| pkg:golang/net/http/httputil | >= 1.16.4, < 1.15.13 |
| pkg:golang/net/http/httputil | >= 1.16.4, < 1.16.5 |

| Package | Fixed Version |
|---|---|
| pkg:golang/net/http/httputil | = 1.15.13 |
| pkg:golang/net/http/httputil | = 1.16.5 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:golang/net/http/httputil | net/http | httputil | = 1.15.13 | | | |
| Affected | pkg:golang/net/http/httputil | net/http | httputil | >= 1.16.4 < 1.15.13 | | | |
| Fixed | pkg:golang/net/http/httputil | net/http | httputil | = 1.16.5 | | | |
| Affected | pkg:golang/net/http/httputil | net/http | httputil | >= 1.16.4 < 1.16.5 | | | |