CVE-2025-4673 - log

CVE-2025-4673 edited at 07 Jun 2025 03:27:43
Description
- net/http: sensitive headers not cleared on cross-origin redirect
-
- Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
+ net/http: Proxy-Authorization and Proxy-Authenticate headers were not cleared during cross-origin redirects, potentially leaking sensitive credentials in proxy-authenticated environments.
CVE-2025-4673 edited at 05 Jun 2025 19:55:14
Severity
- High
+ Medium
CVE-2025-4673 edited at 05 Jun 2025 19:53:43
Severity
- Unknown
+ High
CVE-2025-4673 created at 05 Jun 2025 19:44:03
Severity
+ Unknown
Remote
+ Remote
Type
+ Information disclosure
Description
+ net/http: sensitive headers not cleared on cross-origin redirect
+
+ Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
References
+ https://github.com/golang/go/issues/73816
+ https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A/m/XDxq7uidAgAJ
+ https://go.dev/doc/devel/release#go1.24.4
Notes