{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-32148", "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Information Exposure" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Go standard library", "product": { "product_data": [ { "product_name": "net/http", "version": { "version_data": [ { "version_value": "0", "version_affected": "=" }, { "version_value": "1.18.0", "version_affected": "=" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "refsource": "MISC", "name": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0520", "refsource": "MISC", "name": "https://pkg.go.dev/vuln/GO-2022-0520" }, { "url": "https://go.dev/cl/412857", "refsource": "MISC", "name": "https://go.dev/cl/412857" }, { "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", "refsource": "MISC", "name": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a" }, { "url": "https://go.dev/issue/53423", "refsource": "MISC", "name": "https://go.dev/issue/53423" } ] }, "credits": [ { "lang": "en", "value": "Christian Mehlmauer" } ] }