CVE-2023-45289
ADVISORY - nistSummary
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
EPSS Scoreโ : 0.00044 (0.120)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - redhat
Exposure of Sensitive Information to an Unauthorized Actor
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in