CVE-2023-29406
11.07.2023, 20:15
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.Enginsight
| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 < 1.19.11 |
| golang | go | 1.20.0 ≤ 𝑥 < 1.20.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| golang |
| ||||||||||||||||||||
| golang-1.10 |
| ||||||||||||||||||||
| golang-1.13 |
| ||||||||||||||||||||
| golang-1.14 |
| ||||||||||||||||||||
| golang-1.16 |
| ||||||||||||||||||||
| golang-1.17 |
| ||||||||||||||||||||
| golang-1.18 |
| ||||||||||||||||||||
| golang-1.19 |
| ||||||||||||||||||||
| golang-1.20 |
| ||||||||||||||||||||
| golang-1.6 |
| ||||||||||||||||||||
| golang-1.8 |
| ||||||||||||||||||||
| golang-1.9 |
|
Common Weakness Enumeration
References