Security [Medium] CVE-2025-4673 #89
Description
Vulnerability Details
- ID: CVE-2025-4673
- Severity: Medium
- Affected Provider Version: ['v2.2.0', 'v2.1.3']
- Package: stdlib
- Package Version: go1.23.8
- Type: go-module
- Description: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
- Fix State: fixed
- Fix Versions: 1.23.10, 1.24.4
- Artifact Paths: /usr/local/bin/provider
- More Info: https://go.dev/cl/679257, https://go.dev/issue/73816, https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A, https://pkg.go.dev/vuln/GO-2025-3751
This vulnerability was detected during the periodic CVE scan.