Back to bug 2132868

Who When What Removed Added
Avinash Hanwate 2022-10-07 05:00:25 UTC CC amctagga, aoconnor, bniver, bodavis, dbenoit, emachado, flucifre, gmeno, jistone, jpadman, mbenjamin, mhackett, mnewsome, sipoyare, sostapov, tstellar, vereddy
Avinash Hanwate 2022-10-07 05:01:04 UTC CC jwendell, ovanders, rcernich
Avinash Hanwate 2022-10-07 05:05:25 UTC Depends On 2132876, 2132877
Avinash Hanwate 2022-10-07 05:09:45 UTC Summary CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
Avinash Hanwate 2022-10-07 05:12:15 UTC CC jwendell, ovanders, rcernich
Avinash Hanwate 2022-10-07 05:12:27 UTC CC abishop, agerstmayr, ansmith, bbaude, bbuckingham, bcoca, bcourt, bkundu, btotty, chazlett, cnv-qe-bugs, cwelton, davidn, dcadzow, dkenigsb, dwalsh, eglynn, ehelms, epacific, etamir, fdeutsch, grafana-maint, hchiramm, jaharrin, jburrell, jcammara, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmulligan, jneedle, jnovy, jobarker, joelsmith, jsherril, jwon, krathod, lball, lhh, lsm5, lzap, mabashia, madam, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmccune, mokumar, myarboro, nathans, nbecker, nmoumoul, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, pcreech, pehunt, pjindal, pthomas, rchan, rhcos-sst, rhs-bugs, rhuss, rrajasek, saroy, sgott, simaishi, smcdonal, smullick, spower, tkral, tsweeney, umohnani, vkareh, yguenane, zsadeh
Avinash Hanwate 2022-10-07 05:12:49 UTC CC amackenz, amasferr, bdettelb, dwhatley, dymurray, gparvin, ibolton, jcantril, jmatthew, jmontleo, jramanat, mkudlej, mwringe, nboldt, njean, pahickey, periklis, scorneli, slucidi, sseago, stcannon, tjochec, whayutin
Avinash Hanwate 2022-10-07 05:13:24 UTC CC jwendell, ovanders, rcernich
Sage McTaggart 2022-10-11 20:28:38 UTC CC abishop, agerstmayr, amackenz, amasferr, ansmith, bbaude, bbuckingham, bcoca, bcourt, bdettelb, bkundu, btotty, chazlett, cnv-qe-bugs, cwelton, davidn, dcadzow, dkenigsb, dwalsh, dwhatley, dymurray, eglynn, ehelms, epacific, etamir, fdeutsch, gparvin, grafana-maint, hchiramm, ibolton, jaharrin, jburrell, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmatthew, jmontleo, jmulligan, jneedle, jnovy, jobarker, joelsmith, jramanat, jsherril, jwendell, jwon, krathod, lball, lhh, lsm5, lzap, mabashia, madam, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mkudlej, mmccune, mokumar, mwringe, myarboro, nathans, nbecker, nboldt, njean, nmoumoul, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, ovanders, pahickey, pcreech, pehunt, periklis, pjindal, pthomas, rcernich, rchan, rhcos-sst, rhs-bugs, rhuss, rrajasek, saroy, scorneli, sgott, simaishi, slucidi, smcdonal, smullick, spower, sseago, stcannon, tjochec, tkral, tsweeney, umohnani, vkareh, whayutin, yguenane, zsadeh
Sage McTaggart 2022-10-11 20:28:54 UTC CC abishop, agerstmayr, ansmith, bbaude, bbuckingham, bcoca, bcourt, bkundu, btotty, chazlett, cnv-qe-bugs, cwelton, davidn, dcadzow, dkenigsb, dwalsh, eglynn, ehelms, epacific, etamir, fdeutsch, grafana-maint, hchiramm, jaharrin, jburrell, jcammara, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmulligan, jneedle, jnovy, jobarker, joelsmith, jsherril, jwon, krathod, lball, lhh, lsm5, lzap, mabashia, madam, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmccune, mokumar, myarboro, nathans, nbecker, nmoumoul, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, oskutka, pcreech, pehunt, pjindal, pthomas, rchan, rhcos-sst, rhs-bugs, rhuss, rrajasek, saroy, sgott, simaishi, smcdonal, smullick, spower, tkral, tsweeney, umohnani, vkareh, yguenane, zsadeh
Sage McTaggart 2022-10-11 20:29:08 UTC CC amackenz, amasferr, bdettelb, dwhatley, dymurray, gparvin, ibolton, jcantril, jmatthew, jmontleo, jramanat, mkudlej, mwringe, nboldt, njean, pahickey, periklis, scorneli, slucidi, sseago, stcannon, tjochec, whayutin
Sage McTaggart 2022-10-11 20:29:32 UTC CC jwendell, ovanders, rcernich
Sage McTaggart 2022-10-11 20:38:07 UTC Depends On 2133925, 2133921, 2133923, 2133922, 2133926, 2133917, 2133916, 2133920, 2133915, 2133927
TEJ RATHI 2022-10-13 07:50:46 UTC CC vkumar
Borja Tarraso 2022-10-13 08:06:44 UTC Depends On 2134346
TEJ RATHI 2022-10-13 11:30:13 UTC Depends On 2134407, 2134406, 2134405
TEJ RATHI 2022-10-13 12:32:43 UTC Depends On 2134442, 2134443, 2134441
TEJ RATHI 2022-10-13 12:54:17 UTC Depends On 2134450, 2134445, 2134449, 2134447, 2134446, 2134448
TEJ RATHI 2022-10-13 13:10:18 UTC Depends On 2134453, 2134456, 2134457, 2134454, 2134455
TEJ RATHI 2022-10-13 13:25:16 UTC Depends On 2134473, 2134476, 2134475, 2134471, 2134474, 2134477, 2134472
Borja Tarraso 2022-10-13 13:52:06 UTC CC bbuckingham, bcourt, btotty, ehelms, jsherril, lzap, mhulan, mmccune, myarboro, nmoumoul, orabin, pcreech, rchan
Nick Tait 2022-10-15 19:42:25 UTC CC cnv-qe-bugs, sgott
Stoyan Nikolov 2022-10-17 08:55:19 UTC Depends On 2133921
Ondřej Pohořelský 2022-10-20 11:10:20 UTC CC opohorel
Tomáš Král 2022-10-21 07:26:39 UTC CC tkral
David Benoit 2022-10-21 14:33:46 UTC Depends On 2136835
David Benoit 2022-10-21 15:11:14 UTC Depends On 2136839
David Benoit 2022-10-21 15:11:53 UTC Depends On 2136841
David Benoit 2022-10-21 15:23:12 UTC Depends On 2136843
David Benoit 2022-10-21 15:31:55 UTC Depends On 2136849
Mauro Matteo Cascella 2022-10-24 10:52:55 UTC Depends On 2136717
Mauro Matteo Cascella 2022-10-24 10:53:03 UTC Depends On 2136718
Mauro Matteo Cascella 2022-10-24 10:53:11 UTC Depends On 2136719
Mauro Matteo Cascella 2022-10-24 10:53:21 UTC Depends On 2136720
Mauro Matteo Cascella 2022-10-24 10:53:41 UTC Depends On 2136721
Mauro Matteo Cascella 2022-10-24 10:53:52 UTC Depends On 2136722
Mauro Matteo Cascella 2022-10-24 10:54:01 UTC Depends On 2136723
Red Hat Bugzilla 2022-10-28 13:12:53 UTC CC krathod
Vipul Nair 2022-10-31 15:10:00 UTC Depends On 2138889, 2138888
Avinash Hanwate 2022-11-01 04:09:10 UTC CC adudiak, tfister
Doc Text A flaw was found in the golang package. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
RaTasha Tillery-Smith 2022-11-01 12:23:59 UTC Doc Text A flaw was found in the golang package. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged. A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
Avinash Hanwate 2022-11-24 08:59:22 UTC Flags needinfo?(ahanwate)
CC juneau
Flags needinfo?(ahanwate)
errata-xmlrpc 2022-12-08 07:38:00 UTC Link ID Red Hat Product Errata RHSA-2022:8781
Red Hat Bugzilla 2022-12-31 20:04:33 UTC CC hchiramm
Red Hat Bugzilla 2023-01-01 05:32:42 UTC CC amctagga
Red Hat Bugzilla 2023-01-01 05:47:11 UTC CC flucifre
Red Hat Bugzilla 2023-01-01 05:52:45 UTC CC mhackett
Red Hat Bugzilla 2023-01-01 06:02:06 UTC CC bniver
Red Hat Bugzilla 2023-01-01 08:30:36 UTC CC jmulligan
Red Hat Bugzilla 2023-01-01 08:34:17 UTC CC mbenjamin
Red Hat Bugzilla 2023-01-01 08:43:18 UTC CC sostapov
Red Hat Bugzilla 2023-01-01 08:47:45 UTC CC vereddy
Alasdair Kergon 2023-01-04 04:55:31 UTC CC hchiramm
Alasdair Kergon 2023-01-04 05:43:50 UTC CC sostapov
Alasdair Kergon 2023-01-04 06:11:25 UTC CC bniver
Alasdair Kergon 2023-01-04 06:19:28 UTC CC mbenjamin
Alasdair Kergon 2023-01-04 06:29:04 UTC CC vereddy
Alasdair Kergon 2023-01-04 06:43:51 UTC CC flucifre
Alasdair Kergon 2023-01-04 11:29:24 UTC CC mhackett
Sam Fowler 2023-01-13 00:14:51 UTC CC sfowler
errata-xmlrpc 2023-01-17 14:51:36 UTC Link ID Red Hat Product Errata RHSA-2022:7398
errata-xmlrpc 2023-01-17 19:37:34 UTC Link ID Red Hat Product Errata RHSA-2022:7399
errata-xmlrpc 2023-01-19 11:04:41 UTC Link ID Red Hat Product Errata RHSA-2023:0264
Victor Kareh 2023-01-19 19:16:53 UTC CC vkareh
Red Hat Bugzilla 2023-01-20 05:18:45 UTC CC cwelton
errata-xmlrpc 2023-01-23 15:20:29 UTC Link ID Red Hat Product Errata RHSA-2023:0328
errata-xmlrpc 2023-01-25 08:31:05 UTC Link ID Red Hat Product Errata RHSA-2023:0445
errata-xmlrpc 2023-01-25 09:16:01 UTC Link ID Red Hat Product Errata RHSA-2023:0446
errata-xmlrpc 2023-01-30 17:21:03 UTC Link ID Red Hat Product Errata RHSA-2023:0542
Red Hat Bugzilla 2023-01-31 22:27:12 UTC CC nbecker
Red Hat Bugzilla 2023-01-31 22:28:05 UTC CC etamir
Red Hat Bugzilla 2023-01-31 23:37:46 UTC CC madam
Josh Stone 2023-02-02 02:06:44 UTC CC jistone
Red Hat Bugzilla 2023-02-03 23:11:36 UTC CC ovanders
errata-xmlrpc 2023-02-07 17:24:18 UTC Link ID Red Hat Product Errata RHSA-2023:0631
Red Hat Bugzilla 2023-02-08 00:54:44 UTC CC hchiramm
errata-xmlrpc 2023-02-09 02:17:32 UTC Link ID Red Hat Product Errata RHSA-2023:0693
errata-xmlrpc 2023-02-09 09:26:11 UTC Link ID Red Hat Product Errata RHSA-2023:0708
errata-xmlrpc 2023-02-09 12:05:41 UTC Link ID Red Hat Product Errata RHSA-2023:0709
errata-xmlrpc 2023-02-16 14:14:21 UTC Link ID Red Hat Product Errata RHSA-2023:0727
Red Hat Bugzilla 2023-02-22 01:15:37 UTC CC dkenigsb
errata-xmlrpc 2023-03-06 18:40:54 UTC Link ID Red Hat Product Errata RHSA-2023:1042
errata-xmlrpc 2023-03-09 01:25:08 UTC Link ID Red Hat Product Errata RHSA-2023:1174
Red Hat Bugzilla 2023-03-15 08:33:30 UTC CC rhs-bugs
errata-xmlrpc 2023-03-15 19:56:03 UTC Link ID Red Hat Product Errata RHSA-2023:1275
errata-xmlrpc 2023-05-09 07:13:50 UTC Link ID Red Hat Product Errata RHSA-2023:2167
errata-xmlrpc 2023-05-09 07:17:52 UTC Link ID Red Hat Product Errata RHSA-2023:2204
errata-xmlrpc 2023-05-09 07:35:19 UTC Link ID Red Hat Product Errata RHSA-2023:2357
Red Hat Bugzilla 2023-05-15 18:03:45 UTC CC rrajasek
Red Hat Bugzilla 2023-05-15 18:50:52 UTC CC dcadzow
errata-xmlrpc 2023-05-16 08:11:55 UTC Link ID Red Hat Product Errata RHSA-2023:2780
errata-xmlrpc 2023-05-16 08:12:26 UTC Link ID Red Hat Product Errata RHSA-2023:2784
errata-xmlrpc 2023-05-16 08:21:54 UTC Link ID Red Hat Product Errata RHSA-2023:2866
Red Hat Bugzilla 2023-05-16 09:27:34 UTC CC mokumar
errata-xmlrpc 2023-05-18 02:55:34 UTC Link ID Red Hat Product Errata RHSA-2023:3205
errata-xmlrpc 2023-05-18 14:27:59 UTC Link ID Red Hat Product Errata RHSA-2023:0584
Product Security DevOps Team 2023-05-18 19:42:27 UTC Resolution --- ERRATA
Status NEW CLOSED
Last Closed 2023-05-18 19:42:27 UTC
errata-xmlrpc 2023-06-15 16:01:15 UTC Link ID Red Hat Product Errata RHSA-2023:3642
errata-xmlrpc 2023-06-19 10:33:09 UTC Link ID Red Hat Product Errata RHSA-2023:3664
Joel Smith 2023-06-21 15:51:06 UTC CC joelsmith
errata-xmlrpc 2023-06-22 19:52:02 UTC Link ID Red Hat Product Errata RHSA-2023:3742
errata-xmlrpc 2023-06-26 01:16:02 UTC Link ID Red Hat Product Errata RHSA-2023:3613
errata-xmlrpc 2023-07-10 08:51:11 UTC Link ID Red Hat Product Errata RHSA-2023:4003
Chess Hazlett 2023-07-17 19:01:28 UTC CC ataylor, jross, rkieley
