VYPR
Critical severity9.8OSV Advisory· Published Aug 25, 2024· Updated Apr 15, 2026

CVE-2024-45258

CVE-2024-45258

Description

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/imroc/req/v3Go
< 3.43.43.43.4
github.com/imroc/reqGo
< 3.43.43.43.4
github.com/imroc/req/v2Go
< 3.43.43.43.4

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.