The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

CPENameOperatorVersion
goge1.20.0
golt1.20.6
golt1.19.11

Name	Operator	Version
go	ge	1.20.0
go	lt	1.20.6
go	lt	1.19.11

References

go.dev/cl/506996

go.dev/issue/60374

groups.google.com/g/golang-announce/c/2q13H6LEEx0

pkg.go.dev/vuln/GO-2023-1878

security.gentoo.org/glsa/202311-09

security.netapp.com/advisory/ntap-20230814-0002/

ubuntucve 1

nessus 65

oraclelinux 7

osv 12

redhatcve 1

amazon 8

veracode 1

cbl_mariner 3

alpinelinux 1

redhat 35

cve 1

openvas 9

cvelist 1

nvd 1

rocky 2

wolfi 1

ibm 25

debiancve 1

almalinux 8

cgr 1

photon 3

freebsd 1

redos 1

gentoo 1

ics 1

ubuntucve

CVE-2023-29406

2023-07-11 00:00:00

nessus

Amazon Linux 2 : golist (ALAS-2023-2185)

2023-08-14 00:00:00

Amazon Linux 2 : runc (ALASECS-2023-005)

2023-09-06 00:00:00

Amazon Linux 2 : ecs-init (ALASECS-2024-032)

2024-01-09 00:00:00

oraclelinux

container-tools:4.0 security and bug fix update

2023-11-22 00:00:00

containernetworking-plugins security and bug fix update

2023-11-11 00:00:00

skopeo security update

2023-11-11 00:00:00

osv

Moderate: container-tools:4.0 security and bug fix update

2023-11-28 22:43:02

BIT-golang-2023-29406

2024-03-06 10:55:04

CVE-2023-29406

2023-07-11 20:15:10

redhatcve

CVE-2023-29406

2023-07-21 07:30:20

amazon

Important: golang

2023-08-03 18:10:00

Important: golist

2023-08-03 18:10:00

Important: cri-tools

2023-08-03 18:10:00

veracode

CRLF Injection

2023-07-17 03:51:29

cbl_mariner

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

2024-07-03 03:08:37

CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1

2024-07-03 03:08:37

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

2024-07-03 03:08:31

alpinelinux

CVE-2023-29406

2023-07-11 20:15:10

redhat

(RHSA-2023:7202) Moderate: container-tools:4.0 security and bug fix update

2023-11-14 16:23:40

(RHSA-2024:0293) Moderate: OpenShift Container Platform 4.14.10 packages and security update

2024-01-23 20:33:05

(RHSA-2023:5721) Important: go-toolset:rhel8 security update

2023-10-16 12:13:12

cve

CVE-2023-29406

2023-07-11 20:15:10

openvas

openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3002-1)

2024-03-04 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3006)

2023-10-31 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)

2023-10-31 00:00:00

cvelist

CVE-2023-29406 Insufficient sanitization of Host header in net/http

2023-07-11 19:23:58

nvd

CVE-2023-29406

2023-07-11 20:15:10

rocky

container-tools:4.0 security and bug fix update

2023-11-28 22:43:02

Satellite 6.14 security and bug fix update

2023-11-11 22:58:57

wolfi

CVE-2023-29406 vulnerabilities

2024-07-03 09:08:38

ibm

Security Bulletin: Operations Dashboard is vulnerable to header injection due to Golang Go

2023-10-02 16:06:58

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406

2023-09-14 17:23:24

Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)

2023-08-01 16:29:09

debiancve

CVE-2023-29406

2023-07-11 20:15:10

almalinux

Moderate: container-tools:4.0 security and bug fix update

2023-11-14 00:00:00

Moderate: buildah security update

2023-11-07 00:00:00

Moderate: containernetworking-plugins security and bug fix update

2023-11-07 00:00:00

cgr

CVE-2023-29406 vulnerabilities

2024-05-19 03:07:16

photon

Moderate Photon OS Security Update - PHSA-2023-5.0-0066

2023-08-05 00:00:00

Moderate Photon OS Security Update - PHSA-2023-4.0-0484

2023-10-05 00:00:00

Important Photon OS Security Update - PHSA-2023-3.0-0644

2023-09-06 00:00:00

freebsd

go -- multiple vulnerabilities

2023-04-27 00:00:00

redos

ROS-20240418-06

2024-04-18 00:00:00

gentoo

Go: Multiple Vulnerabilities

2023-11-25 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for PRION:CVE-2023-29406