Back to bug 2132868
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2022-10-07 05:00:25 UTC | CC | amctagga, aoconnor, bniver, bodavis, dbenoit, emachado, flucifre, gmeno, jistone, jpadman, mbenjamin, mhackett, mnewsome, sipoyare, sostapov, tstellar, vereddy | |
| Avinash Hanwate | 2022-10-07 05:01:04 UTC | CC | jwendell, ovanders, rcernich | |
| Avinash Hanwate | 2022-10-07 05:05:25 UTC | Depends On | 2132876, 2132877 | |
| Avinash Hanwate | 2022-10-07 05:09:45 UTC | Summary | CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters | CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters |
| Avinash Hanwate | 2022-10-07 05:12:15 UTC | CC | jwendell, ovanders, rcernich | |
| Avinash Hanwate | 2022-10-07 05:12:27 UTC | CC | abishop, agerstmayr, ansmith, bbaude, bbuckingham, bcoca, bcourt, bkundu, btotty, chazlett, cnv-qe-bugs, cwelton, davidn, dcadzow, dkenigsb, dwalsh, eglynn, ehelms, epacific, etamir, fdeutsch, grafana-maint, hchiramm, jaharrin, jburrell, jcammara, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmulligan, jneedle, jnovy, jobarker, joelsmith, jsherril, jwon, krathod, lball, lhh, lsm5, lzap, mabashia, madam, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmccune, mokumar, myarboro, nathans, nbecker, nmoumoul, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, pcreech, pehunt, pjindal, pthomas, rchan, rhcos-sst, rhs-bugs, rhuss, rrajasek, saroy, sgott, simaishi, smcdonal, smullick, spower, tkral, tsweeney, umohnani, vkareh, yguenane, zsadeh | |
| Avinash Hanwate | 2022-10-07 05:12:49 UTC | CC | amackenz, amasferr, bdettelb, dwhatley, dymurray, gparvin, ibolton, jcantril, jmatthew, jmontleo, jramanat, mkudlej, mwringe, nboldt, njean, pahickey, periklis, scorneli, slucidi, sseago, stcannon, tjochec, whayutin | |
| Avinash Hanwate | 2022-10-07 05:13:24 UTC | CC | jwendell, ovanders, rcernich | |
| Sage McTaggart | 2022-10-11 20:28:38 UTC | CC | abishop, agerstmayr, amackenz, amasferr, ansmith, bbaude, bbuckingham, bcoca, bcourt, bdettelb, bkundu, btotty, chazlett, cnv-qe-bugs, cwelton, davidn, dcadzow, dkenigsb, dwalsh, dwhatley, dymurray, eglynn, ehelms, epacific, etamir, fdeutsch, gparvin, grafana-maint, hchiramm, ibolton, jaharrin, jburrell, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmatthew, jmontleo, jmulligan, jneedle, jnovy, jobarker, joelsmith, jramanat, jsherril, jwendell, jwon, krathod, lball, lhh, lsm5, lzap, mabashia, madam, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mkudlej, mmccune, mokumar, mwringe, myarboro, nathans, nbecker, nboldt, njean, nmoumoul, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, ovanders, pahickey, pcreech, pehunt, periklis, pjindal, pthomas, rcernich, rchan, rhcos-sst, rhs-bugs, rhuss, rrajasek, saroy, scorneli, sgott, simaishi, slucidi, smcdonal, smullick, spower, sseago, stcannon, tjochec, tkral, tsweeney, umohnani, vkareh, whayutin, yguenane, zsadeh | |
| Sage McTaggart | 2022-10-11 20:28:54 UTC | CC | abishop, agerstmayr, ansmith, bbaude, bbuckingham, bcoca, bcourt, bkundu, btotty, chazlett, cnv-qe-bugs, cwelton, davidn, dcadzow, dkenigsb, dwalsh, eglynn, ehelms, epacific, etamir, fdeutsch, grafana-maint, hchiramm, jaharrin, jburrell, jcammara, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmulligan, jneedle, jnovy, jobarker, joelsmith, jsherril, jwon, krathod, lball, lhh, lsm5, lzap, mabashia, madam, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmccune, mokumar, myarboro, nathans, nbecker, nmoumoul, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, oskutka, pcreech, pehunt, pjindal, pthomas, rchan, rhcos-sst, rhs-bugs, rhuss, rrajasek, saroy, sgott, simaishi, smcdonal, smullick, spower, tkral, tsweeney, umohnani, vkareh, yguenane, zsadeh | |
| Sage McTaggart | 2022-10-11 20:29:08 UTC | CC | amackenz, amasferr, bdettelb, dwhatley, dymurray, gparvin, ibolton, jcantril, jmatthew, jmontleo, jramanat, mkudlej, mwringe, nboldt, njean, pahickey, periklis, scorneli, slucidi, sseago, stcannon, tjochec, whayutin | |
| Sage McTaggart | 2022-10-11 20:29:32 UTC | CC | jwendell, ovanders, rcernich | |
| Sage McTaggart | 2022-10-11 20:38:07 UTC | Depends On | 2133925, 2133921, 2133923, 2133922, 2133926, 2133917, 2133916, 2133920, 2133915, 2133927 | |
| TEJ RATHI | 2022-10-13 07:50:46 UTC | CC | vkumar | |
| Borja Tarraso | 2022-10-13 08:06:44 UTC | Depends On | 2134346 | |
| TEJ RATHI | 2022-10-13 11:30:13 UTC | Depends On | 2134407, 2134406, 2134405 | |
| TEJ RATHI | 2022-10-13 12:32:43 UTC | Depends On | 2134442, 2134443, 2134441 | |
| TEJ RATHI | 2022-10-13 12:54:17 UTC | Depends On | 2134450, 2134445, 2134449, 2134447, 2134446, 2134448 | |
| TEJ RATHI | 2022-10-13 13:10:18 UTC | Depends On | 2134453, 2134456, 2134457, 2134454, 2134455 | |
| TEJ RATHI | 2022-10-13 13:25:16 UTC | Depends On | 2134473, 2134476, 2134475, 2134471, 2134474, 2134477, 2134472 | |
| Borja Tarraso | 2022-10-13 13:52:06 UTC | CC | bbuckingham, bcourt, btotty, ehelms, jsherril, lzap, mhulan, mmccune, myarboro, nmoumoul, orabin, pcreech, rchan | |
| Nick Tait | 2022-10-15 19:42:25 UTC | CC | cnv-qe-bugs, sgott | |
| Stoyan Nikolov | 2022-10-17 08:55:19 UTC | Depends On | 2133921 | |
| Ondřej Pohořelský | 2022-10-20 11:10:20 UTC | CC | opohorel | |
| Tomáš Král | 2022-10-21 07:26:39 UTC | CC | tkral | |
| David Benoit | 2022-10-21 14:33:46 UTC | Depends On | 2136835 | |
| David Benoit | 2022-10-21 15:11:14 UTC | Depends On | 2136839 | |
| David Benoit | 2022-10-21 15:11:53 UTC | Depends On | 2136841 | |
| David Benoit | 2022-10-21 15:23:12 UTC | Depends On | 2136843 | |
| David Benoit | 2022-10-21 15:31:55 UTC | Depends On | 2136849 | |
| Mauro Matteo Cascella | 2022-10-24 10:52:55 UTC | Depends On | 2136717 | |
| Mauro Matteo Cascella | 2022-10-24 10:53:03 UTC | Depends On | 2136718 | |
| Mauro Matteo Cascella | 2022-10-24 10:53:11 UTC | Depends On | 2136719 | |
| Mauro Matteo Cascella | 2022-10-24 10:53:21 UTC | Depends On | 2136720 | |
| Mauro Matteo Cascella | 2022-10-24 10:53:41 UTC | Depends On | 2136721 | |
| Mauro Matteo Cascella | 2022-10-24 10:53:52 UTC | Depends On | 2136722 | |
| Mauro Matteo Cascella | 2022-10-24 10:54:01 UTC | Depends On | 2136723 | |
| Red Hat Bugzilla | 2022-10-28 13:12:53 UTC | CC | krathod | |
| Vipul Nair | 2022-10-31 15:10:00 UTC | Depends On | 2138889, 2138888 | |
| Avinash Hanwate | 2022-11-01 04:09:10 UTC | CC | adudiak, tfister | |
| Avinash Hanwate | 2022-11-01 04:09:10 UTC | Doc Text | A flaw was found in the golang package. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged. | |
| RaTasha Tillery-Smith | 2022-11-01 12:23:59 UTC | Doc Text | A flaw was found in the golang package. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged. | A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged. |
| Avinash Hanwate | 2022-11-24 08:59:22 UTC | Flags | needinfo?(ahanwate) | |
| Avinash Hanwate | 2022-11-24 08:59:22 UTC | CC | juneau | |
| Avinash Hanwate | 2022-11-24 08:59:22 UTC | Flags | needinfo?(ahanwate) | |
| errata-xmlrpc | 2022-12-08 07:38:00 UTC | Link ID | Red Hat Product Errata RHSA-2022:8781 | |
| Red Hat Bugzilla | 2022-12-31 20:04:33 UTC | CC | hchiramm | |
| Red Hat Bugzilla | 2023-01-01 05:32:42 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:47:11 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:45 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:02:06 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:30:36 UTC | CC | jmulligan | |
| Red Hat Bugzilla | 2023-01-01 08:34:17 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:43:18 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:47:45 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 04:55:31 UTC | CC | hchiramm | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:19:28 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:29:04 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| Sam Fowler | 2023-01-13 00:14:51 UTC | CC | sfowler | |
| errata-xmlrpc | 2023-01-17 14:51:36 UTC | Link ID | Red Hat Product Errata RHSA-2022:7398 | |
| errata-xmlrpc | 2023-01-17 19:37:34 UTC | Link ID | Red Hat Product Errata RHSA-2022:7399 | |
| errata-xmlrpc | 2023-01-19 11:04:41 UTC | Link ID | Red Hat Product Errata RHSA-2023:0264 | |
| Victor Kareh | 2023-01-19 19:16:53 UTC | CC | vkareh | |
| Red Hat Bugzilla | 2023-01-20 05:18:45 UTC | CC | cwelton | |
| errata-xmlrpc | 2023-01-23 15:20:29 UTC | Link ID | Red Hat Product Errata RHSA-2023:0328 | |
| errata-xmlrpc | 2023-01-25 08:31:05 UTC | Link ID | Red Hat Product Errata RHSA-2023:0445 | |
| errata-xmlrpc | 2023-01-25 09:16:01 UTC | Link ID | Red Hat Product Errata RHSA-2023:0446 | |
| errata-xmlrpc | 2023-01-30 17:21:03 UTC | Link ID | Red Hat Product Errata RHSA-2023:0542 | |
| Red Hat Bugzilla | 2023-01-31 22:27:12 UTC | CC | nbecker | |
| Red Hat Bugzilla | 2023-01-31 22:28:05 UTC | CC | etamir | |
| Red Hat Bugzilla | 2023-01-31 23:37:46 UTC | CC | madam | |
| Josh Stone | 2023-02-02 02:06:44 UTC | CC | jistone | |
| Red Hat Bugzilla | 2023-02-03 23:11:36 UTC | CC | ovanders | |
| errata-xmlrpc | 2023-02-07 17:24:18 UTC | Link ID | Red Hat Product Errata RHSA-2023:0631 | |
| Red Hat Bugzilla | 2023-02-08 00:54:44 UTC | CC | hchiramm | |
| errata-xmlrpc | 2023-02-09 02:17:32 UTC | Link ID | Red Hat Product Errata RHSA-2023:0693 | |
| errata-xmlrpc | 2023-02-09 09:26:11 UTC | Link ID | Red Hat Product Errata RHSA-2023:0708 | |
| errata-xmlrpc | 2023-02-09 12:05:41 UTC | Link ID | Red Hat Product Errata RHSA-2023:0709 | |
| errata-xmlrpc | 2023-02-16 14:14:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:0727 | |
| Red Hat Bugzilla | 2023-02-22 01:15:37 UTC | CC | dkenigsb | |
| errata-xmlrpc | 2023-03-06 18:40:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:1042 | |
| errata-xmlrpc | 2023-03-09 01:25:08 UTC | Link ID | Red Hat Product Errata RHSA-2023:1174 | |
| Red Hat Bugzilla | 2023-03-15 08:33:30 UTC | CC | rhs-bugs | |
| errata-xmlrpc | 2023-03-15 19:56:03 UTC | Link ID | Red Hat Product Errata RHSA-2023:1275 | |
| errata-xmlrpc | 2023-05-09 07:13:50 UTC | Link ID | Red Hat Product Errata RHSA-2023:2167 | |
| errata-xmlrpc | 2023-05-09 07:17:52 UTC | Link ID | Red Hat Product Errata RHSA-2023:2204 | |
| errata-xmlrpc | 2023-05-09 07:35:19 UTC | Link ID | Red Hat Product Errata RHSA-2023:2357 | |
| Red Hat Bugzilla | 2023-05-15 18:03:45 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:50:52 UTC | CC | dcadzow | |
| errata-xmlrpc | 2023-05-16 08:11:55 UTC | Link ID | Red Hat Product Errata RHSA-2023:2780 | |
| errata-xmlrpc | 2023-05-16 08:12:26 UTC | Link ID | Red Hat Product Errata RHSA-2023:2784 | |
| errata-xmlrpc | 2023-05-16 08:21:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:2866 | |
| Red Hat Bugzilla | 2023-05-16 09:27:34 UTC | CC | mokumar | |
| errata-xmlrpc | 2023-05-18 02:55:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:3205 | |
| errata-xmlrpc | 2023-05-18 14:27:59 UTC | Link ID | Red Hat Product Errata RHSA-2023:0584 | |
| Product Security DevOps Team | 2023-05-18 19:42:27 UTC | Resolution | --- | ERRATA |
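| Product Security DevOps Team | 2023-05-18 19:42:27 UTC | Status | NEW | CLOSED |
| Product Security DevOps Team | 2023-05-18 19:42:27 UTC | Last Closed | 2023-05-18 19:42:27 UTC | |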
| errata-xmlrpc | 2023-06-15 16:01:15 UTC | Link ID | Red Hat Product Errata RHSA-2023:3642 | |
| errata-xmlrpc | 2023-06-19 10:33:09 UTC | Link ID | Red Hat Product Errata RHSA-2023:3664 | |
| Joel Smith | 2023-06-21 15:51:06 UTC | CC | joelsmith | |
| errata-xmlrpc | 2023-06-22 19:52:02 UTC | Link ID | Red Hat Product Errata RHSA-2023:3742 | |
| errata-xmlrpc | 2023-06-26 01:16:02 UTC | Link ID | Red Hat Product Errata RHSA-2023:3613 | |
| errata-xmlrpc | 2023-07-10 08:51:11 UTC | Link ID | Red Hat Product Errata RHSA-2023:4003 | |
| Chess Hazlett | 2023-07-17 19:01:28 UTC | CC | ataylor, jross, rkieley | |