The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2023 | amazon-ecr-credential-helper | 2023-09-14 00:55 | ALAS2023-2023-346 |
Amazon Linux 2 - Core | amazon-ssm-agent | 2023-10-12 15:09 | ALAS2-2023-2303 |
Amazon Linux 2023 | amazon-ssm-agent | 2023-09-27 21:07 | ALAS2023-2023-373 |
Amazon Linux 2 - Core | cni-plugins | 2023-08-17 11:58 | ALAS2-2023-2208 |
Amazon Linux 2023 | cni-plugins | 2023-08-31 21:47 | ALAS2023-2023-338 |
Amazon Linux 1 | containerd | 2023-09-27 22:15 | ALAS-2023-1849 |
Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 17:04 | ALAS2DOCKER-2023-029 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-03 19:42 | ALAS2NITRO-ENCLAVES-2023-026 |
Amazon Linux 2023 | containerd | 2023-08-17 11:20 | ALAS2023-2023-312 |
Amazon Linux 2 - Core | cri-tools | 2023-08-03 18:10 | ALAS2-2023-2194 |
Amazon Linux 2023 | docker | 2023-09-14 00:54 | ALAS2023-2023-345 |
Amazon Linux 2 - Ecs Extra | ecs-init | 2024-01-03 23:00 | ALAS2ECS-2024-032 |
Amazon Linux 2023 | ecs-init | 2024-01-03 23:20 | ALAS2023-2024-480 |
Amazon Linux 1 | golang | 2023-09-27 22:15 | ALAS-2023-1848 |
Amazon Linux 2 - Core | golang | 2023-08-03 18:10 | ALAS2-2023-2186 |
Amazon Linux 2023 | golang | 2023-08-03 20:26 | ALAS2023-2023-283 |
Amazon Linux 2 - Core | golist | 2023-08-03 18:10 | ALAS2-2023-2185 |
Amazon Linux 2 - Core | nerdctl | 2023-08-03 18:10 | ALAS2-2023-2193 |
Amazon Linux 2023 | nerdctl | 2023-08-17 11:20 | ALAS2023-2023-313 |
Amazon Linux 2023 | oci-add-hooks | 2023-09-14 00:55 | ALAS2023-2023-347 |
Amazon Linux 2 - Docker Extra | runc | 2023-08-17 17:04 | ALAS2DOCKER-2023-028 |
Amazon Linux 2 - Ecs Extra | runc | 2023-08-03 19:42 | ALAS2ECS-2023-005 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | runc | 2023-08-03 19:42 | ALAS2NITRO-ENCLAVES-2023-025 |
Amazon Linux 2023 | runc | 2023-08-17 11:20 | ALAS2023-2023-311 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |