vulnerability
Amazon Linux AMI 2: CVE-2024-45336: Security patch for golang (ALAS-2025-2795)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:C/I:P/A:N) | Jan 28, 2025 | Mar 27, 2025 | Mar 27, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:C/I:P/A:N)
Published
Jan 28, 2025
Added
Mar 27, 2025
Modified
Mar 27, 2025
Description
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
Solutions
amazon-linux-ami-2-upgrade-golangamazon-linux-ami-2-upgrade-golang-binamazon-linux-ami-2-upgrade-golang-docsamazon-linux-ami-2-upgrade-golang-miscamazon-linux-ami-2-upgrade-golang-sharedamazon-linux-ami-2-upgrade-golang-srcamazon-linux-ami-2-upgrade-golang-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.