CVE-2015-5740

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.4.3

Description The issue arises from improper parsing of HTTP headers, allowing remote attackers to conduct HTTP request smuggling attacks. This can be achieved via a request that contains Content-Length and Transfer-Encoding header fields.

Recommendations For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/http library until a patch is applied. Avoid using the Content-Length and Transfer-Encoding header fields in requests to minimize the risk of exploitation.