OWASP / Go-SCP

Golang Secure Coding Practices guide

Home Page: https://owasp.org/www-project-go-secure-coding-practices-guide/


ServeMux doesn't always sanitize URL request path

ilyaglow opened this issue

ilyaglow commented:

Hey there,

It is stated that

In the net/http package there is an HTTP request multiplexer type called ServeMux. It is used to match the incoming request to the registered patterns, and calls the handler that most closely matches the requested URL. In addition to its main purpose, it also takes care of sanitizing the URL request path, redirecting any request containing . or .. elements or repeated slashes to an equivalent, cleaner URL.

But actually you can see in the docs that "The path and host are used unchanged for CONNECT requests."

You can check out an exploitation scenario here: https://ilyaglotov.com/blog/servemux-and-path-traversal
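The behaviour described in this issue can be reproduced offline with httptest, and the gap can be closed with a small wrapper. The program below is an added example, not code from Go-SCP or from net/http: it registers one handler under /files/ on a plain ServeMux, shows that a GET with a .. element is redirected to the cleaned path while the same path sent as CONNECT reaches the handler unchanged, and then wraps the mux in a hypothetical cleanAllMethods middleware (name and code are this example's own) that applies the same cleaning rule regardless of method. The request target /files/../outside is a constructed sample.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// newMux registers a single handler under /files/ on a plain ServeMux.
// The handler echoes the path it actually received so the effect of
// ServeMux's cleaning (or the lack of it for CONNECT) is visible.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/files/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.URL.Path)
	})
	return mux
}

// cleanPath mirrors the rule ServeMux applies to non-CONNECT requests:
// path.Clean, with a leading slash enforced and a trailing slash preserved.
func cleanPath(p string) string {
	if p == "" {
		return "/"
	}
	if !strings.HasPrefix(p, "/") {
		p = "/" + p
	}
	np := path.Clean(p)
	if strings.HasSuffix(p, "/") && np != "/" {
		np += "/"
	}
	return np
}

// cleanAllMethods is a hypothetical hardening middleware (not part of
// net/http or Go-SCP). It redirects any request whose path contains
// "." or ".." elements or repeated slashes to the cleaned path, for every
// method, so CONNECT no longer bypasses the cleaning step.
func cleanAllMethods(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if clean := cleanPath(r.URL.Path); clean != r.URL.Path {
			u := *r.URL
			u.Path = clean
			http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs one request through h and returns the status code plus either
// the Location header (for redirects) or the response body.
func probe(h http.Handler, method, target string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	if loc := rec.Header().Get("Location"); loc != "" {
		return rec.Code, loc
	}
	return rec.Code, rec.Body.String()
}

func main() {
	const target = "/files/../outside" // constructed sample request target
	plain := newMux()
	hardened := cleanAllMethods(newMux())

	for _, c := range []struct {
		name   string
		h      http.Handler
		method string
	}{
		{"plain mux, GET", plain, http.MethodGet},
		{"plain mux, CONNECT", plain, http.MethodConnect},
		{"hardened mux, CONNECT", hardened, http.MethodConnect},
	} {
		code, detail := probe(c.h, c.method, target)
		fmt.Printf("%-22s -> %d %s\n", c.name, code, detail)
	}
}
```

Running it shows the plain mux answering GET with 301 to /outside but invoking the handler for CONNECT with the raw path /files/../outside; behind the wrapper the CONNECT request is redirected like the GET. On a server that is not acting as a proxy, an even simpler option is to reject CONNECT outright before routing, since no registered handler is meant to serve it.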