Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-45289HistoryMar 05, 2024 - 11:15 p.m.
CVE-2023-45289
2024-03-0523:15:07
Debian Security Bug Tracker
security-tracker.debian.org
6
http
redirect
sensitive headers
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | golang-1.11 | <= 1.11.6-1+deb10u4 | golang-1.11_1.11.6-1+deb10u4_all.deb |
| Debian | 11 | all | golang-1.15 | <= 1.15.15-1~deb11u4 | golang-1.15_1.15.15-1~deb11u4_all.deb |
| Debian | 12 | all | golang-1.19 | <= 1.19.8-2 | golang-1.19_1.19.8-2_all.deb |
| Debian | 999 | all | golang-1.21 | < 1.21.8-1 | golang-1.21_1.21.8-1_all.deb |
| Debian | 13 | all | golang-1.21 | < 1.21.8-1 | golang-1.21_1.21.8-1_all.deb |
| Debian | 999 | all | golang-1.22 | < 1.22.1-1 | golang-1.22_1.22.1-1_all.deb |
| Debian | 13 | all | golang-1.22 | < 1.22.1-1 | golang-1.22_1.22.1-1_all.deb |
Related
osv
osv
BIT-golang-2023-45289
2024-03-12 08:24:51
Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http
2024-03-05 22:15:02
Important: git-lfs security update
2024-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2023-45289
2024-03-05 23:15:07
nvd
nvd
CVE-2023-45289
2024-03-05 23:15:07
prion
prion
Authorization
2024-03-05 23:15:00
cbl_mariner
cbl_mariner
CVE-2023-45289 affecting package golang for versions less than 1.21.6-1
2024-06-25 03:09:54
ubuntucve
ubuntucve
CVE-2023-45289
2024-03-05 00:00:00
cve
cve
CVE-2023-45289
2024-03-05 23:15:07
wolfi
wolfi
CVE-2023-45289 vulnerabilities
2024-06-25 03:08:26
cgr
cgr
CVE-2023-45289 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2023-45289
2024-03-06 03:33:22
cvelist
cvelist
veracode
veracode
Sensitive Information Disclosure
2024-03-17 15:19:39
nessus
nessus
RHEL 9 : git-lfs (RHSA-2024:2724)
2024-05-07 00:00:00
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1589)
2024-05-09 00:00:00
AlmaLinux 9 : git-lfs (ALSA-2024:2724)
2024-05-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1567)
2024-05-10 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1589)
2024-05-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
redhat
redhat
(RHSA-2024:3346) Important: git-lfs security update
2024-05-23 14:21:44
(RHSA-2024:2724) Important: git-lfs security update
2024-05-07 09:06:06
(RHSA-2024:3259) Important: go-toolset:rhel8 security update
2024-05-22 10:41:22
almalinux
almalinux
Important: git-lfs security update
2024-05-23 00:00:00
Important: git-lfs security update
2024-05-07 00:00:00
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
rocky
rocky
git-lfs security update
2024-05-10 14:32:42
go-toolset:rhel8 security update
2024-06-14 13:59:30
golang security update
2024-05-10 14:32:42
oraclelinux
oraclelinux
git-lfs security update
2024-05-29 00:00:00
git-lfs security update
2024-05-07 00:00:00
go-toolset:ol8 security update
2024-05-29 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
redos
redos
ROS-20240422-05
2024-04-22 00:00:00
amazon
amazon
Medium: golang
2024-05-23 22:04:00
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%
Related for DEBIANCVE:CVE-2023-45289