Description

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.

INFO

Published Date :

2025-01-28T01:03:24.869Z

Last Modified :

2025-09-18T18:41:11.116Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45336 vulnerability.

Vendors Products
Redhat
  • Acm
  • Ceph Storage
  • Enterprise Linux
  • Logging
  • Openshift Distributed Tracing
  • Rhel Eus
  • Rhel Satellite Client
  • Service Mesh
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45336.

URL Resource
https://go.dev/cl/643100 cve-icon cve-icon
https://go.dev/issue/70530 cve-icon cve-icon
https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ cve-icon cve-icon
https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-45336 cve-icon
https://pkg.go.dev/vuln/GO-2025-3420 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20250221-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-45336 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact