25 matches found
PT-2024-2133
Name of the Vulnerable Software and Affected Versions: golang versions affected versions not specified http.Client affected versions not specified Description: The issue is related to how an http.Client handles HTTP redirects. When an HTTP redirect is made to a domain that is not a subdomain matc...
go -- multiple vulnerabilities
The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...
OESA-2023-1917 varnish security update
This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...