Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-32148


Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.


Published

2022-08-10T20:15:47.133

Last Modified

2024-11-21T07:05:50.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application golang go < 1.17.12 Yes
Application golang go < 1.18.4 Yes

References