ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the ReverseProxy is itself a reverse proxy, this lets an attacker drop arbitrary headers, including those set by the ReverseProxy.Director.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0241" }