net/http — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in net/http, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-58186	Lack of limit when parsing cookies can cause memory exhaustion in net/http	7.5^AI	High^AI	2025-10-29
CVE-2025-47910	CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http	7.5^AI	High^AI	2025-09-22
CVE-2025-4673	Sensitive headers not cleared on cross-origin redirect in net/http	6.5^AI	Medium^AI	2025-06-11
CVE-2025-22870	HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net	5.3	-	2025-03-12
CVE-2024-45336	Sensitive headers incorrectly sent after cross-domain redirect in net/http	8.2	-	2025-01-28
CVE-2024-24791	Denial of service due to improper 100-continue handling in net/http	7.5^AI	High^AI	2024-07-02
CVE-2023-45288	HTTP/2 CONTINUATION flood in net/http	7.5	-	2024-04-04
CVE-2023-45289	Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http	7.1^AI	High^AI	2024-03-05
CVE-2023-39325	HTTP/2 rapid reset can cause excessive work in net/http	7.5	-	2023-10-11
CVE-2023-29406	Insufficient sanitization of Host header in net/http	7.5	-	2023-07-11
CVE-2022-41723	Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net	7.5	-	2023-02-28
CVE-2022-41717	Excessive memory growth in net/http and golang.org/x/net/http2	5.3	-	2022-12-08
CVE-2022-32148	Exposure of client IP addresses in net/http	-	-	2022-08-09
CVE-2022-1705	Improper sanitization of Transfer-Encoding headers in net/http	6.5	-	2022-08-09

All 14 known CVE vulnerabilities affecting net/http with full Chinese analysis, references, and POCs where available.