Lucene search
+L

9 matches found

RedHat Linux
RedHat Linux
added 2026/04/09 11:0 a.m.3 views

net/http: CrossOriginProtection bypass in net/http

A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path,...

5.4CVSS6AI score0.00308EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25-openssl (SUSE-SU-2025:03525-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03525-1 advisory. Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910:...

5.4CVSS8.1AI score0.00308EPSS
Exploits0References5
OSV
OSV
added 2025/10/10 10:32 a.m.2 views

SUSE-SU-2025:03524-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: - go74822 cmd/go: 'ge...

5.4CVSS7.1AI score0.00308EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-47910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips...

5.4CVSS6.7AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2025/09/22 8:48 p.m.5 views

GO-2025-3955 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4CVSS6.9AI score0.00308EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/13 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2025:03200-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03200-1 advisory. Update to go1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910: net/http:...

5.4CVSS8.1AI score0.00308EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.3 views

Golang 1.24.x < 1.24.7 / 1.25.x < 1.25.1 Insecure Bypass (75054)

The version of Golang running on the remote host is 1.24.x prior to 1.24.7, 1.25.x prior to 1.25.1. It is, therefore, affected by a vulnerability as referenced in 75054 advisory. - When passing patterns to CrossOriginProtection.AddInsecureBypassPattern, requests that would have redirected to thos...

5.4CVSS8AI score0.00308EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/29 8:23 p.m.10 views

github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS4.3AI score0.0016EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/08/29 3:55 p.m.14 views

CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

0.0016EPSS
Exploits0References2
Rows per page
Query Builder