Lucene search
K

248 matches found

OSV
OSV
added 2025/07/09 12:0 a.m.6 views

ALSA-2025:10676 Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

6.8CVSS6.9AI score0.0056EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2025/07/09 12:0 a.m.9 views

Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

6.8CVSS7.2AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2025/07/09 12:0 a.m.4 views

ALSA-2025:10677 Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

6.8CVSS6.9AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2025/07/09 12:0 a.m.6 views

ALSA-2025:10672 Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...

6.8CVSS7AI score0.0056EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/07/09 12:0 a.m.5 views

RHEL 9 : golang (RHSA-2025:10676)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10676 advisory. The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect i...

6.8CVSS6.6AI score0.0056EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/07/09 12:0 a.m.4 views

RHEL 10 : golang (RHSA-2025:10677)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10677 advisory. The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect ...

6.8CVSS6.6AI score0.0056EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/06/30 12:0 a.m.2 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-1702)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate...

6.1CVSS6.5AI score0.00647EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/06/24 11:31 a.m.5 views

golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...

6.1CVSS7.2AI score0.00647EPSS
Exploits0References6
OSV
OSV
added 2025/06/18 3:11 a.m.7 views

USN-7574-1 golang-1.22 vulnerabilities

Kyle Seely discovered that the Go net/http module did not properly handle sensitive headers during repeated redirects. An attacker could possibly use this issue to obtain sensitive information. CVE-2024-45336 Juho Forsén discovered that the Go crypto/x509 module incorrectly handled IPv6 addresses...

6.8CVSS6.7AI score0.00647EPSS
Exploits2References6
OSV
OSV
added 2025/06/14 5:46 a.m.5 views

BIT-GOLANG-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS7.2AI score0.0056EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 11:11 a.m.6 views

Security Bulletin: Go net/http package is vulnerable to a denial of service,a remote attacker could exploit this vulnerability to cause a denial of service, affects watsonx.data

Summary Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service and this could affect watsonx.data. Vulnerability Details...

7.5CVSS9.2AI score0.01414EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/06/11 4:42 p.m.33 views

CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

0.0056EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/11 4:42 p.m.4 views

CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

7.1AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2025/06/11 4:23 p.m.4 views

GO-2025-3751 Sensitive headers not cleared on cross-origin redirect in net/http

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS7.1AI score0.0056EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 2:33 p.m.2 views

SUSE-SU-2025:01731-1 Security update for go1.23-openssl

This update for go1.23-openssl fixes the following issues: Update to version 1.23.9 bsc1229122: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constrain...

9.1CVSS5.9AI score0.00724EPSS
Exploits2References12
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/22 6:33 a.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure messa...

7.5CVSS7.8AI score0.00868EPSS
Exploits2Affected Software1
OSV
OSV
added 2025/05/15 5:5 a.m.9 views

SUSE-SU-2025:1555-1 Security update for go1.22-openssl

This update for go1.22-openssl fixes the following issues: Update to version 1.22.12 bsc1218424: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name...

6.1CVSS6.5AI score0.00647EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/05/14 5:51 p.m.8 views

golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...

6.1CVSS7.2AI score0.00647EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/05/14 11:52 a.m.3 views

golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...

6.1CVSS7.2AI score0.00647EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.12 views

Alibaba Cloud Linux 3 : 0091: git-lfs (ALINUX3-SA-2024:0091)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45288: An attacker may cause an...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References5
Rows per page
Query Builder