The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Go | Golang | * | 1.19.11 (excluding) |
| Go | Golang | 1.20.0 (including) | 1.20.6 (excluding) |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11 | * |
| MTA-6.2-RHEL-8 | RedHat | mta/mta-rhel8-operator:6.2.2-3 | * |
| MTA-6.2-RHEL-9 | RedHat | mta/mta-hub-rhel9:6.2.2-2 | * |
| MTA-6.2-RHEL-9 | RedHat | mta/mta-operator-bundle:6.2.2-5 | * |
| MTA-6.2-RHEL-9 | RedHat | mta/mta-pathfinder-rhel9:6.2.2-2 | * |
| MTA-6.2-RHEL-9 | RedHat | mta/mta-ui-rhel9:6.2.2-2 | * |
| MTA-6.2-RHEL-9 | RedHat | mta/mta-windup-addon-rhel9:6.2.2-3 | * |
| NETWORK-OBSERVABILITY-1.4.0-RHEL-9 | RedHat | network-observability/network-observability-rhel9-operator:v1.4.0-51 | * |
| OADP-1.1-RHEL-8 | RedHat | oadp/oadp-velero-rhel8:1.1.7-6 | * |
| Openshift Serverless 1 on RHEL 8 | RedHat | openshift-serverless-clients-0:1.9.2-4.el8 | * |
| OSSO-1.1-RHEL-8 | RedHat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37 | * |
| Red Hat Advanced Cluster Security 4.4 | RedHat | advanced-cluster-security/rhacs-main-rhel8:4.4.0-17 | * |
| Red Hat Enterprise Linux 8 | RedHat | go-toolset:rhel8-8080020231013004859.6b4b45d8 | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:4.0-8090020230828093056.e7857ab1 | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8090020230825121312.e7857ab1 | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:4.0-8090020231009143402.d7b6f4b7 | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.19.13-1.el9_2 | * |
| Red Hat Enterprise Linux 9 | RedHat | toolbox-0:0.0.99.4-6.el9_3 | * |
| Red Hat Enterprise Linux 9 | RedHat | skopeo-2:1.13.3-1.el9 | * |
| Red Hat Enterprise Linux 9 | RedHat | containernetworking-plugins-1:1.3.0-4.el9 | * |
| Red Hat Enterprise Linux 9 | RedHat | buildah-1:1.31.3-1.el9 | * |
| Red Hat Enterprise Linux 9 | RedHat | podman-2:4.6.1-5.el9 | * |
| Red Hat Migration Toolkit for Containers 1.7 | RedHat | rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el9 | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-agent-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-all-in-one-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-collector-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-es-index-cleaner-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-es-rollover-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-ingester-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-operator-bundle-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-operator-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | jaeger-query-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | opentelemetry-collector-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | opentelemetry-operator-bundle-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | opentelemetry-operator-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | tempo-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | tempo-gateway-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | tempo-gateway-opa-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | tempo-operator-bundle-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | tempo-operator-container | * |
| Red Hat OpenShift distributed tracing 2 | RedHat | tempo-query-container | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/client-kn-rhel8:1.9.2-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-controller-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/func-utils-rhel8:1.30.2-2 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/ingress-rhel8-operator:1.30.2-3 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/knative-rhel8-operator:1.30.2-3 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/kourier-control-rhel8:1.9.0-5 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serverless-operator-bundle:1.30.2-2 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serverless-rhel8-operator:1.30.2-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-activator-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-controller-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-queue-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/serving-webhook-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9 | * |
| Red Hat OpenShift Serverless 1.30 | RedHat | openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-agent:1.3.0-10 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-downloader:1.3.0-11 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-operator:1.3.0-9 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-operator-bundle:1.3.0-19 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | etcd-0:3.3.23-15.el8ost | * |
| Red Hat Satellite 6.14 for RHEL 8 | RedHat | yggdrasil-worker-forwarder-0:0.0.3-1.el8sat | * |
| RHODF-4.15-RHEL-9 | RedHat | odf4/cephcsi-rhel9:v4.15.0-37 | * |
| RHOL-5.6-RHEL-8 | RedHat | openshift-logging/logging-loki-rhel8:v2.9.2-2 | * |
| RHOL-5.7-RHEL-8 | RedHat | openshift-logging/logging-loki-rhel8:v2.9.2-1 | * |
| RODOO-1.0-RHEL-8 | RedHat | run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30 | * |
| STF-1.5-RHEL-8 | RedHat | stf/prometheus-webhook-snmp-rhel8:1.5.2-8 | * |
| STF-1.5-RHEL-8 | RedHat | stf/service-telemetry-operator-bundle:1.5.1697612918-1 | * |
| STF-1.5-RHEL-8 | RedHat | stf/service-telemetry-rhel8-operator:1.5.1-8 | * |
| STF-1.5-RHEL-8 | RedHat | stf/sg-bridge-rhel8:1.5.0-18 | * |
| STF-1.5-RHEL-8 | RedHat | stf/sg-core-rhel8:5.1.1-8 | * |
| STF-1.5-RHEL-8 | RedHat | stf/smart-gateway-operator-bundle:5.0.1697612918-1 | * |
| STF-1.5-RHEL-8 | RedHat | stf/smart-gateway-rhel8-operator:5.0.1-9 | * |
| Golang | Ubuntu | bionic | * |
| Golang | Ubuntu | trusty | * |
| Golang | Ubuntu | xenial | * |
| Golang-1.10 | Ubuntu | bionic | * |
| Golang-1.10 | Ubuntu | trusty | * |
| Golang-1.10 | Ubuntu | trusty/esm | * |
| Golang-1.10 | Ubuntu | xenial | * |
| Golang-1.13 | Ubuntu | bionic | * |
| Golang-1.13 | Ubuntu | kinetic | * |
| Golang-1.13 | Ubuntu | xenial | * |
| Golang-1.16 | Ubuntu | bionic | * |
| Golang-1.16 | Ubuntu | trusty | * |
| Golang-1.16 | Ubuntu | xenial | * |
| Golang-1.17 | Ubuntu | jammy | * |
| Golang-1.17 | Ubuntu | trusty | * |
| Golang-1.17 | Ubuntu | xenial | * |
| Golang-1.18 | Ubuntu | bionic | * |
| Golang-1.18 | Ubuntu | esm-apps/bionic | * |
| Golang-1.18 | Ubuntu | esm-apps/xenial | * |
| Golang-1.18 | Ubuntu | focal | * |
| Golang-1.18 | Ubuntu | jammy | * |
| Golang-1.18 | Ubuntu | trusty | * |
| Golang-1.18 | Ubuntu | upstream | * |
| Golang-1.18 | Ubuntu | xenial | * |
| Golang-1.19 | Ubuntu | kinetic | * |
| Golang-1.19 | Ubuntu | lunar | * |
| Golang-1.19 | Ubuntu | trusty | * |
| Golang-1.19 | Ubuntu | xenial | * |
| Golang-1.20 | Ubuntu | lunar | * |
| Golang-1.20 | Ubuntu | mantic | * |
| Golang-1.20 | Ubuntu | trusty | * |
| Golang-1.20 | Ubuntu | xenial | * |
| Golang-1.6 | Ubuntu | trusty | * |
| Golang-1.6 | Ubuntu | xenial | * |
| Golang-1.8 | Ubuntu | bionic | * |
| Golang-1.9 | Ubuntu | bionic | * |