Home

Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

PUBLISHED Reserved 2025-05-13 | Published 2025-06-11 | Updated 2025-06-11 | Assigner Go

Problem types

CWE-201: Insertion of Sensitive Information Into Sent Data

Product status

Default status
unaffected

Any version before 1.23.10
affected

1.24.0-0 (semver) before 1.24.4
affected

Credits

Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)

References

go.dev/cl/679257

go.dev/issue/73816

groups.google.com/g/golang-announce/c/ufZ8WpEsA3A

pkg.go.dev/vuln/GO-2025-3751

cve.org (CVE-2025-4673)

nvd.nist.gov (CVE-2025-4673)

Download JSON