First published: Tue Mar 05 2024(Updated: )
Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive headers information, and use this information to launch further attacks against the affected system.
Credit: security@golang.org security@golang.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/go | <1.21.8 | 1.21.8 |
redhat/go | <1.22.1 | 1.22.1 |
IBM Concert Software | <=1.0.0, 1.0.1, 1.0.2, 1.0.2.1 | |
debian/golang-1.15 | <=1.15.15-1~deb11u4 | |
debian/golang-1.19 | <=1.19.8-2 | |
debian/golang-1.22 | 1.22.10-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.