An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-13T06:00:00
Updated: 2024-08-04T22:01:54.025Z
Reserved: 2019-03-13T00:00:00
Link: CVE-2019-9741
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-13T08:29:00.553
Modified: 2024-11-21T04:52:12.840
Link: CVE-2019-9741
Redhat