Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.

CPENameOperatorVersion
goge1.19.0
golt1.19.2
golt1.18.7

Name	Operator	Version
go	ge	1.19.0
go	lt	1.19.2
go	lt	1.18.7

References

go.dev/cl/432976

go.dev/issue/54663

groups.google.com/g/golang-announce/c/xtuG5faxtaU

pkg.go.dev/vuln/GO-2022-1038

security.gentoo.org/glsa/202311-09

cvelist 1

redhatcve 1

osv 18

ibm 16

ubuntucve 1

cbl_mariner 2

debiancve 1

cve 1

alpinelinux 1

veracode 1

nvd 1

oraclelinux 13

nessus 70

suse 2

altlinux 1

rocky 3

almalinux 10

openvas 14

photon 4

freebsd 1

redhat 31

fedora 1

mageia 1

amazon 1

ubuntu 2

gentoo 1

cvelist

CVE-2022-2880 Incorrect sanitization of forwarded query parameters in net/http/httputil

2022-10-14 00:00:00

redhatcve

CVE-2022-2880

2022-10-07 05:26:50

osv

BIT-golang-2022-2880

2024-03-06 11:01:07

CVE-2022-2880

2022-10-14 15:15:18

Incorrect sanitization of forwarded query parameters in net/http/httputil

2022-10-06 16:42:43

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to query parameter smuggling in Golang Go (CVE-2022-2880)

2023-02-01 16:02:29

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to query parameter smuggling due to [CVE-2022-2880]

2023-01-26 15:19:43

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities

2023-01-31 10:35:36

ubuntucve

CVE-2022-2880

2022-10-14 00:00:00

cbl_mariner

CVE-2022-2880 affecting package golang 1.17.13-2

2024-07-03 03:08:33

CVE-2022-2880 affecting package golang for versions less than 1.19.10-1

2024-02-25 03:00:06

debiancve

CVE-2022-2880

2022-10-14 15:15:18

cve

CVE-2022-2880

2022-10-14 15:15:18

alpinelinux

CVE-2022-2880

2022-10-14 15:15:18

veracode

HTTP Request Smuggling

2022-10-14 11:52:42

nvd

CVE-2022-2880

2022-10-14 15:15:18

oraclelinux

go-toolset and golang security and bug fix update

2023-01-24 00:00:00

git-lfs security and bug fix update

2023-05-24 00:00:00

go-toolset:ol8 security and bug fix update

2023-01-26 00:00:00

nessus

CentOS 8 : git-lfs (CESA-2023:2866)

2023-05-16 00:00:00

SUSE SLED15 / SLES15 Security Update : go1.19 (SUSE-SU-2022:3669-1)

2022-10-20 00:00:00

CentOS 9 : grafana-9.0.9-2.el9

2024-02-29 00:00:00

suse

Security update for go1.18 (important)

2022-10-20 00:00:00

Security update for go1.19 (important)

2022-10-20 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.18.7-alt1

2022-10-18 00:00:00

rocky

go-toolset:rhel8 security and bug fix update

2023-01-25 08:59:15

go-toolset and golang security and bug fix update

2023-01-23 14:30:17

container-tools:rhel8 security update

2024-06-14 13:59:30

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2023-01-25 00:00:00

Moderate: go-toolset and golang security and bug fix update

2023-01-23 00:00:00

Moderate: git-lfs security and bug fix update

2023-05-16 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:3668-1)

2022-10-20 00:00:00

Fedora: Security Advisory for golang (FEDORA-2022-59a20edab2)

2022-10-18 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3669-1)

2022-10-20 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0273

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0273

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0478

2022-10-27 00:00:00

freebsd

go -- multiple vulnerabilities

2022-10-04 00:00:00

redhat

(RHSA-2023:0445) Moderate: go-toolset-1.18 security update

2023-01-25 08:25:10

(RHSA-2023:2866) Moderate: git-lfs security and bug fix update

2023-05-16 05:56:48

(RHSA-2023:0708) Moderate: Release of OpenShift Serverless Client kn 1.27.0

2023-02-09 09:22:38

fedora

[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37

2022-10-17 22:55:43

mageia

Updated golang packages fix security vulnerability

2022-10-19 02:14:56

amazon

Important: golang

2023-04-13 19:28:00

ubuntu

Go vulnerabilities

2024-01-09 00:00:00

Go vulnerabilities

2023-04-25 00:00:00

gentoo

Go: Multiple Vulnerabilities

2023-11-25 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for PRION:CVE-2022-2880