VYPR
Medium severity4.3NVD Advisory· Published Mar 5, 2024· Updated Apr 15, 2026

CVE-2023-45289

CVE-2023-45289

Description

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1367

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.