CVE-2024-45258

Published August 25th, 2024

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.

imroc/req

Simple Go HTTP client with Black Magic

GitHub

4.8K