Lucene search

8 matches found

Tenable Nessus
added 2025/10/11 12:0 a.m. | 1 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25-openssl (SUSE-SU-2025:03525-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03525-1 advisory. Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910:...

CVSS 5.4 | AI score 8.1 | EPSS 0.00012
Exploits 0 | References 5
OSV
added 2025/10/10 10:32 a.m. | 0 views

SUSE-SU-2025:03524-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: - go74822 cmd/go: 'ge...

CVSS 5.4 | AI score 7.1 | EPSS 0.00012
Exploits 0 | References 4
Tenable Nessus
added 2025/09/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-47910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips...

CVSS 5.4 | AI score 7.1 | EPSS 0.00012
Exploits 0 | References 3
OSV
added 2025/09/22 8:48 p.m. | 1 views

GO-2025-3955 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

CVSS 5.4 | AI score 6.9 | EPSS 0.00012
Exploits 0 | References 3
Tenable Nessus
added 2025/09/13 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2025:03200-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03200-1 advisory. Update to go1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910: net/http:...

CVSS 5.4 | AI score 8.1 | EPSS 0.00012
Exploits 0 | References 7
Tenable Nessus
added 2025/09/05 12:0 a.m. | 1 views

Golang 1.24.x < 1.24.7 / 1.25.x < 1.25.1 Insecure Bypass (75054)

The version of Golang running on the remote host is 1.24.x prior to 1.24.7, 1.25.x prior to 1.25.1. It is, therefore, affected by a vulnerability as referenced in 75054 advisory. - When passing patterns to CrossOriginProtection.AddInsecureBypassPattern, requests that would have redirected to thos...

CVSS 5.4 | AI score 8 | EPSS 0.00012
Exploits 0 | References 3
Github Security Blog
added 2025/08/29 8:23 p.m. | 5 views

github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

CVSS 7.3 | AI score 4.3 | EPSS 0.00016
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2025/08/29 3:55 p.m. | 5 views

CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

EPSS 0.00016
Exploits 0 | References 2