You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Name: go CVEs: CVE-2023-29406 CVSSs: 6.5 Action Needed: update to >= 1.19.11 or 1.20.6
Summary: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Name: go
CVEs: CVE-2023-29406
CVSSs: 6.5
Action Needed: update to >= 1.19.11 or 1.20.6
Summary: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
See also https://groups.google.com/g/golang-announce/c/2q13H6LEEx0.
refmap.gentoo:
The text was updated successfully, but these errors were encountered: