SYM_GO_0004 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Misinterpretation of Input

| Property | Value |
| --- | --- |
| Language | go |
| Severity | low |
| CWE | CWE-115: Misinterpretation of Input |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Likelihood Level Low

Description

When using ReverseProxy with a custom Director function in Go, headers added by the Director can be unintentionally removed before the request is sent. Using ReverseProxy.Rewrite instead ensures headers are preserved as intended.

Impact

If headers set by the Director are dropped, important context or security controls (such as authentication or tracing headers) may be lost, potentially leading to failed requests or allowing attackers to bypass security checks relying on those headers.
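
The following is an added example, not code from the rule page or from the Go project. It shows the ordering behind this finding: `ReverseProxy` removes hop-by-hop headers, including any header named in the inbound `Connection` header, after `Director` returns but before `Rewrite` runs. The `X-Auth-User` header, the host names and the stub transport are assumptions made for illustration; `Rewrite` requires Go 1.20 or later.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// capture is a stub transport that records the headers the proxy would send upstream.
type capture struct{ got http.Header }

func (c *capture) RoundTrip(r *http.Request) (*http.Response, error) {
	c.got = r.Header.Clone()
	return &http.Response{StatusCode: 200, Header: http.Header{},
		Body: io.NopCloser(strings.NewReader("")), Request: r}, nil
}

// upstreamHeader pushes one constructed request through p and returns the
// X-Auth-User value (hypothetical header) that the upstream would receive.
func upstreamHeader(p *httputil.ReverseProxy) string {
	c := &capture{}
	p.Transport = c
	req := httptest.NewRequest("GET", "http://proxy.example/", nil)
	req.Header.Set("Connection", "X-Auth-User") // inbound request lists it as hop-by-hop
	p.ServeHTTP(httptest.NewRecorder(), req)
	return c.got.Get("X-Auth-User")
}

// Flagged pattern: the header is set before hop-by-hop stripping, so it can be dropped.
func viaDirector(target *url.URL) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Director: func(r *http.Request) {
		r.URL.Scheme, r.URL.Host = target.Scheme, target.Host
		r.Header.Set("X-Auth-User", "alice")
	}}
}

// Corrected pattern: Rewrite runs after stripping, so the header reaches the upstream.
func viaRewrite(target *url.URL) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Rewrite: func(pr *httputil.ProxyRequest) {
		pr.SetURL(target)
		pr.Out.Header.Set("X-Auth-User", "alice")
	}}
}

func main() {
	target, _ := url.Parse("http://backend.internal")
	fmt.Printf("Director: %q  Rewrite: %q\n",
		upstreamHeader(viaDirector(target)), upstreamHeader(viaRewrite(target)))
}
```

The same two assertions work as a regression test when migrating an existing `Director` to `Rewrite`.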