3 matches found
Lego 安全漏洞
Lego is an open-source library written in Go by go-acme. Versions of Lego before 4.34.0 have security vulnerabilities; these vulnerabilities stem from path traversal in the webroot HTTP-01 challenge provider, which could lead to arbitrary file writing and deletion...
Cleartext Transmission Of Sensitive Information
github.com/go-acme/lego is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to the library not enforcing HTTPS when communicating with Certificate Authorities CAs, which allows attackers to intercept ACME protocol operations and access sensitive details like...
GO-2025-3847 Github.com/go-acme/lego/v4/acme/api does not enforce HTTPS in github.com/go-acme/lego
Github.com/go-acme/lego/v4/acme/api does not enforce HTTPS in github.com/go-acme/lego...