Back to bug 2222167
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-07-12 06:06:27 UTC | CC | amctagga, aoconnor, asm, bniver, dbenoit, emachado, flucifre, gmeno, mbenjamin, mhackett, sipoyare, sostapov, tstellar, vereddy | |
| Avinash Hanwate | 2023-07-12 07:09:58 UTC | Blocks | 2222178 | |
| Avinash Hanwate | 2023-07-12 07:20:04 UTC | Fixed In Version | golang 1.19.11, golang 1.20.6 | |
| Avinash Hanwate | 2023-07-12 09:14:07 UTC | CC | abishop, ansmith, aveerama, bbaude, bbuckingham, bcl, bcourt, bodavis, chazlett, davidn, dcadzow, debarshir, desktop-qa-list, dhughes, dkenigsb, dperaza, dsimansk, dwalsh, eglynn, ehelms, ellin, epacific, fdeutsch, grafana-maint, jaharrin, jburrell, jcammara, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jneedle, jnovy, jobarker, joelsmith, jsherril, lball, lhh, lsm5, lzap, mabashia, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmagr, mnewsome, myarboro, nathans, nbecker, nmoumoul, nobody, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, pcreech, pehunt, pgrist, pjindal, pthomas, rchan, rgarg, rhcos-sst, rhuss, saroy, scorneli, scox, sgott, shbose, simaishi, skontopo, smcdonal, smullick, teagle, tsweeney, ubhargav, umohnani, vkareh, yguenane, zsadeh | |
| Avinash Hanwate | 2023-07-12 09:14:46 UTC | CC | aazores, abenaiss, aileenc, amasferr, dymurray, eaguilar, ebaron, eric.wittmann, gparvin, ibolton, janstey, jcantril, jkang, jkoehler, jmatthew, jmontleo, jpallich, lmadsen, mkudlej, mrunge, mwringe, nboldt, njean, owatkins, pahickey, pantinor, peholase, periklis, rhos-maint, rjohnson, sfroberg, slucidi, sseago, stcannon, tjochec, whayutin | |
| Avinash Hanwate | 2023-07-12 09:15:36 UTC | CC | jwendell, rcernich, twalsh | |
| Victor Kareh | 2023-07-12 13:03:04 UTC | CC | vkareh | |
| Avinash Hanwate | 2023-07-12 14:33:16 UTC | CC | dfreiber, rogbas, vkumar | |
| Avinash Hanwate | 2023-07-12 14:38:38 UTC | CC | adudiak, kshier, tfister | |
| Avinash Hanwate | 2023-07-12 14:51:11 UTC | Depends On | 2222294, 2222308, 2222297, 2222305, 2222307, 2222301, 2222306, 2222299, 2222309, 2222302, 2222296, 2222293, 2222298, 2222303, 2222291, 2222310, 2222304, 2222295 | |
| Avinash Hanwate | 2023-07-12 14:56:36 UTC | Depends On | 2222337, 2222312, 2222341, 2222342, 2222339, 2222326, 2222334, 2222323, 2222332, 2222340, 2222325, 2222330, 2222322, 2222331, 2222313, 2222317, 2222320, 2222336, 2222329, 2222333, 2222324, 2222318, 2222314, 2222315, 2222327, 2222316, 2222321, 2222328, 2222335, 2222319, 2222338, 2222343 | |
| Avinash Hanwate | 2023-07-21 06:32:19 UTC | Doc Text | Golang is vulnerable to HTTP header injection, caused by improper contents validation of the Host header by the HTTP/1 client. By persuading a victim to visit a specially crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, allowing the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking. | |
| Alias | TRIAGE-CVE-2023-29406 | CVE-2023-29406 | ||
| Summary | TRIAGE-CVE-2023-29406 golang: net/http: insufficient sanitization of Host header | CVE-2023-29406 golang: net/http: insufficient sanitization of Host header | ||
| Avinash Hanwate | 2023-07-21 06:33:14 UTC | Depends On | 2224491, 2224490 | |
| RaTasha Tillery-Smith | 2023-07-21 13:43:04 UTC | Doc Text | Golang is vulnerable to HTTP header injection, caused by improper contents validation of the Host header by the HTTP/1 client. By persuading a victim to visit a specially crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, allowing the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking. | A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking. |
| Doug Hellmann | 2023-07-25 19:09:05 UTC | CC | dhellmann | |
| Red Hat Bugzilla | 2023-08-03 08:29:52 UTC | CC | ocs-bugs | |
| Joel Smith | 2023-08-03 19:08:33 UTC | CC | joelsmith |
Back to bug 2222167