VDB

CESS-2022-26945

CESS-2022-26945 PUBLISHED CVSS 9.8 CRITICAL

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

  • May 25, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›