{"id":"CVE-2024-24791","details":"The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.","aliases":["BIT-golang-2024-24791","GO-2024-2963"],"modified":"2026-04-16T04:36:29.270257613Z","published":"2024-07-02T22:15:04Z","related":["ALSA-2024:6908","ALSA-2024:6913","ALSA-2024:6969","ALSA-2024:7349","ALSA-2024:9089","ALSA-2024:9097","ALSA-2024:9098","ALSA-2024:9115","ALSA-2024:9135","ALSA-2025:7256","CGA-7r9v-mf57-276j","SUSE-SU-2024:2294-1","SUSE-SU-2024:2295-1","SUSE-SU-2024:2308-1","SUSE-SU-2024:2309-1","SUSE-SU-2024:3089-1","SUSE-SU-2024:3360-1","SUSE-SU-2024:3755-1","SUSE-SU-2024:3772-1","SUSE-SU-2024:3938-1","openSUSE-SU-2024:14091-1","openSUSE-SU-2024:14098-1","openSUSE-SU-2024:14107-1","openSUSE-SU-2024:14198-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241004-0004/"},{"type":"WEB","url":"https://go.dev/cl/591255"},{"type":"WEB","url":"https://go.dev/issue/67555"},{"type":"WEB","url":"https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2024-2963"}],"schema_version":"1.7.5"}