CVE-2024-45258: req may send an unintended request when a malformed URL is provided

Severity: Critical

CVSS Score: 7.2

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.