Protocol Switching and Configuration Bypass Vulnerability in go-getter up to 1.5.11 and 2.0.2

Protocol Switching and Configuration Bypass Vulnerability in go-getter up to 1.5.11 and 2.0.2

CVE-2022-26945 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.

Learn more about our Web Application Penetration Testing UK.