x/vulndb: potential Go vuln in github.com/imroc/req: CVE-2024-45258

[GoVulnBot]

Advisory CVE-2024-45258 references a vulnerability in the following Go modules:

Module
github.com/imroc/req

Description:
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-45258
• FIX: imroc/req@04e3ece
• WEB: imroc/req@v3.43.3...v3.43.4

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/imroc/req
      vulnerable_at: 0.3.2
summary: CVE-2024-45258 in github.com/imroc/req
cves:
    - CVE-2024-45258
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45258
    - fix: https://github.com/imroc/req/commit/04e3ece5b380ecad9da3551c449f1b8a9aa76d3d
    - web: https://github.com/imroc/req/compare/v3.43.3...v3.43.4
source:
    id: CVE-2024-45258
    created: 2024-08-25T23:01:11.285341912Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/613257 mentions this issue: data/reports: add GO-2024-3098