4 matches found
BIT-GOLANG-2022-2880 Incorrect sanitization of forwarded query parameters in net/http/httputil
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...
DEBIAN-CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...
UBUNTU-CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...
PT-2022-19246 · Go +9 · Go +9
Name of the Vulnerable Software and Affected Versions: Go versions prior to the fixed version Description: The issue concerns the ReverseProxy in Go, which includes raw query parameters from the inbound request, including unparsable parameters rejected by net/http, potentially permitting query...