248 matches found
ALSA-2025:10676 Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
ALSA-2025:10677 Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
ALSA-2025:10672 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...
RHEL 9 : golang (RHSA-2025:10676)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10676 advisory. The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect i...
RHEL 10 : golang (RHSA-2025:10677)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10677 advisory. The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect ...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-1702)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate...
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...
USN-7574-1 golang-1.22 vulnerabilities
Kyle Seely discovered that the Go net/http module did not properly handle sensitive headers during repeated redirects. An attacker could possibly use this issue to obtain sensitive information. CVE-2024-45336 Juho Forsén discovered that the Go crypto/x509 module incorrectly handled IPv6 addresses...
BIT-GOLANG-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
Security Bulletin: Go net/http package is vulnerable to a denial of service,a remote attacker could exploit this vulnerability to cause a denial of service, affects watsonx.data
Summary Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service and this could affect watsonx.data. Vulnerability Details...
CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
GO-2025-3751 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
SUSE-SU-2025:01731-1 Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Update to version 1.23.9 bsc1229122: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constrain...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure messa...
SUSE-SU-2025:1555-1 Security update for go1.22-openssl
This update for go1.22-openssl fixes the following issues: Update to version 1.22.12 bsc1218424: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name...
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...
Alibaba Cloud Linux 3 : 0091: git-lfs (ALINUX3-SA-2024:0091)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45288: An attacker may cause an...