The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.17.13-3ubuntu1.2", "binary_name": "golang-1.17" }, { "binary_version": "1.17.13-3ubuntu1.2", "binary_name": "golang-1.17-doc" }, { "binary_version": "1.17.13-3ubuntu1.2", "binary_name": "golang-1.17-go" }, { "binary_version": "1.17.13-3ubuntu1.2", "binary_name": "golang-1.17-go-dbgsym" }, { "binary_version": "1.17.13-3ubuntu1.2", "binary_name": "golang-1.17-src" } ] }