Skip to content

net/http: sensitive headers not cleared on cross-origin redirect CVE-2025-4673 [1.23 backport] #73905

New issue
New issue
Closed
Closed
net/http: sensitive headers not cleared on cross-origin redirect CVE-2025-4673 [1.23 backport]#73905
Labels
CherryPickApprovedUsed during the release process for point releasesSecurity
Milestone
 
Go1.23.10
@gopherbot

Description

@gopherbot
gopherbot
opened on May 29, 2025

@thatnealpatel requested issue #73816 to be considered for backport to the next 1.23 minor release.

@gopherbot please open backport issues for this security fix

Metadata

Metadata

Assignees

No one assigned

    Labels

    CherryPickApprovedUsed during the release process for point releasesSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions