VYPR

ReverseProxy

by Go

CVEs (3)

  • CVE-2022-2880HigOct 14, 2022
    risk 0.49cvss 7.5epss 0.01

    Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy…

  • CVE-2021-33197MedAug 2, 2021
    risk 0.35cvss 5.3epss 0.02

    In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

  • CVE-2026-39825MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by…