Lucene search
GoCVELIST:CVE-2022-32148HistoryAug 09, 2022 - 8:18 p.m.
CVE-2022-32148 Exposure of client IP addresses in net/http
2022-08-0920:18:21
Go
www.cve.org
4
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "net/http",
"collectionURL": "https://pkg.go.dev",
"packageName": "net/http",
"versions": [
{
"version": "0",
"lessThan": "1.17.12",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.18.0-0",
"lessThan": "1.18.4",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Header.Clone"
}
],
"defaultStatus": "unaffected"
}
]Related
prion
prion
Design/Logic Flaw
2022-08-10 20:15:00
cve
cve
CVE-2022-32148
2022-08-10 20:15:47
redhatcve
redhatcve
CVE-2022-32148
2022-07-15 10:33:07
ubuntucve
ubuntucve
CVE-2022-32148
2022-08-10 00:00:00
alpinelinux
alpinelinux
CVE-2022-32148
2022-08-10 20:15:47
veracode
veracode
Information Disclosure
2022-07-22 17:05:45
ibm
ibm
debiancve
debiancve
CVE-2022-32148
2022-08-10 20:15:47
cbl_mariner
cbl_mariner
CVE-2022-32148 affecting package golang 1.18.3-1
2022-09-17 05:56:44
CVE-2022-32148 affecting package golang for versions less than 1.18.5-1
2022-09-16 06:05:39
nvd
nvd
CVE-2022-32148
2022-08-10 20:15:47
osv
osv
Exposure of client IP addresses in net/http
2022-07-28 17:23:05
BIT-golang-2022-32148
2024-03-06 10:59:14
CVE-2022-32148
2022-08-10 20:15:47
nessus
nessus
RHEL 9 : odo (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : odo (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : OpenShift Container Platform 4.11.17 packages and (RHSA-2022:8626)
2023-01-23 00:00:00
redhat
redhat
(RHSA-2022:8626) Moderate: OpenShift Container Platform 4.11.17 packages and security update
2022-11-28 20:39:41
(RHSA-2022:7648) Moderate: grafana-pcp security update
2022-11-08 06:25:29
(RHSA-2022:8250) Moderate: grafana-pcp security update
2022-11-15 06:19:30
rocky
rocky
grafana-pcp security update
2022-11-15 06:19:30
grafana-pcp security update
2022-11-08 06:25:29
git-lfs security and bug fix update
2022-10-25 07:32:51
oraclelinux
oraclelinux
grafana-pcp security update
2022-11-15 00:00:00
grafana-pcp security update
2022-11-22 00:00:00
go-toolset:ol8 security and bug fix update
2022-08-03 00:00:00
almalinux
almalinux
Moderate: grafana-pcp security update
2022-11-15 00:00:00
Moderate: grafana-pcp security update
2022-11-08 00:00:00
Important: go-toolset and golang security and bug fix update
2022-08-01 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2710)
2022-11-04 00:00:00
Mageia: Security Advisory (MGASA-2022-0262)
2022-07-18 00:00:00
openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:2671-1)
2022-08-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.4-alt1
2022-07-28 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10
2022-07-29 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-07-12 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-07-16 22:58:20
suse
suse
Security update for go1.17 (important)
2022-08-04 00:00:00
Security update for go1.18 (important)
2022-08-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0242
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0242
2022-09-07 00:00:00
amazon
amazon
Important: golist
2022-09-15 04:46:00
Important: golang-github-godbus-dbus
2022-10-17 21:46:00
Important: golang-github-kr-pty
2022-10-17 21:46:00