Multiple CVEs Affecting net/http Identified in 2023 and 2024

Multiple CVEs Affecting net/http Identified in 2023 and 2024

First seen 18 Feb 2026, 10:13 UTC Api.Msrc.Microsoft 73% similarity 41.1

Article Content

Browse articles
ThreatCluster

Two vulnerabilities in the net/http package have been reported. CVE-2024-45336, published on January 28, 2025, involves sensitive headers being incorrectly sent after cross-domain redirects. CVE-2023-29406, published on July 11, 2023, relates to insufficient sanitization of the Host header, with a public proof of concept released on November 12, 2023.

ThreatCluster AI

Timeline

2023-07-11
CVE-2023-29406 published
2023-11-12
First public PoC for CVE-2023-29406
2025-01-28
CVE-2024-45336 published
2026-02-18
Information published about CVE-2024-45336
2026-02-18
Information published about CVE-2023-29406

Community

Browse all →