Lucene search
GoogleOSV:CVE-2023-29406HistoryJul 11, 2023 - 8:15 p.m.
CVE-2023-29406
2023-07-1120:15:10
Google
osv.dev
7
cve-2023-29406
host header injection
http/1 client
security fix
software
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go | eq | weekly.2010-01-05 | |
| go | eq | weekly.2010-08-11 | |
| go | eq | weekly.2011-09-01 | |
| go | eq | weekly.2011-06-09 | |
| go | eq | weekly.2010-11-10 | |
| go | eq | weekly.2011-07-07 | |
| go | eq | go1.19.7 | |
| go | eq | go1.19.8 | |
| go | eq | weekly.2011-08-10 | |
| go | eq | go1.9.2 |
Related
redhatcve
redhatcve
CVE-2023-29406
2023-07-21 07:30:20
amazon
amazon
Important: golang
2023-08-03 18:10:00
Important: golist
2023-08-03 18:10:00
Important: cri-tools
2023-08-03 18:10:00
osv
osv
BIT-golang-2023-29406
2024-03-06 10:55:04
Moderate: container-tools:4.0 security and bug fix update
2023-11-28 22:43:02
Insufficient sanitization of Host header in net/http
2023-07-11 19:19:08
nessus
nessus
Amazon Linux 2023 : runc (ALAS2023-2023-311)
2023-08-24 00:00:00
Amazon Linux 2023 : ecs-init (ALAS2023-2024-480)
2024-01-08 00:00:00
Rocky Linux 8 : container-tools:4.0 (RLSA-2023:7202)
2023-11-28 00:00:00
veracode
veracode
CRLF Injection
2023-07-17 03:51:29
cbl_mariner
cbl_mariner
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
2024-06-02 15:22:43
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
2024-06-02 15:22:37
CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1
2024-06-02 15:22:43
cgr
cgr
CVE-2023-29406 vulnerabilities
2024-05-19 03:07:16
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Moderate: toolbox security and bug fix update
2023-11-07 00:00:00
Moderate: containernetworking-plugins security and bug fix update
2023-11-07 00:00:00
ibm
ibm
prion
prion
Design/Logic Flaw
2023-07-11 20:15:00
oraclelinux
oraclelinux
container-tools:4.0 security and bug fix update
2023-11-22 00:00:00
containernetworking-plugins security and bug fix update
2023-11-11 00:00:00
skopeo security update
2023-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2023-29406
2023-07-11 00:00:00
cvelist
cvelist
CVE-2023-29406 Insufficient sanitization of Host header in net/http
2023-07-11 19:23:58
redhat
redhat
(RHSA-2023:7202) Moderate: container-tools:4.0 security and bug fix update
2023-11-14 16:23:40
(RHSA-2024:0293) Moderate: OpenShift Container Platform 4.14.10 packages and security update
2024-01-23 20:33:05
(RHSA-2023:5721) Important: go-toolset:rhel8 security update
2023-10-16 12:13:12
alpinelinux
alpinelinux
CVE-2023-29406
2023-07-11 20:15:10
openvas
openvas
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3002-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.19 (SUSE-SU-2023:3841-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)
2023-10-31 00:00:00
cve
cve
CVE-2023-29406
2023-07-11 20:15:10
rocky
rocky
container-tools:4.0 security and bug fix update
2023-11-28 22:43:02
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
wolfi
wolfi
CVE-2023-29406 vulnerabilities
2024-06-02 15:23:11
debiancve
debiancve
CVE-2023-29406
2023-07-11 20:15:10
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0066
2023-08-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0644
2023-09-06 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-27 00:00:00
redos
redos
ROS-20240418-06
2024-04-18 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00