VYPR
Unrated severityNVD Advisory· Published Jul 11, 2023· Updated Feb 13, 2025

Insufficient sanitization of Host header in net/http

CVE-2023-29406

Description

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

74

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.