Api.Msrc.Microsoft
Multiple CVEs Affecting net/http Identified in 2023 and 2024
First seen 18 Feb 2026, 10:13 UTC
•
•73% similarity
•41.1
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Two vulnerabilities in the net/http package have been reported. CVE-2024-45336, published on January 28, 2025, involves sensitive headers being incorrectly sent after cross-domain redirects. CVE-2023-29406, published on July 11, 2023, relates to insufficient sanitization of the Host header, with a public proof of concept released on November 12, 2023.
ThreatCluster AI
Timeline
2023-07-11
CVE-2023-29406 published
2023-11-12
First public PoC for CVE-2023-29406
2025-01-28
CVE-2024-45336 published
2026-02-18
Information published about CVE-2024-45336
2026-02-18
Information published about CVE-2023-29406