Lucene search
K

7 matches found

OSV
OSV
added 2025/04/02 4:2 p.m.11 views

GO-2025-3588 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla

Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/01 10:23 p.m.20 views

Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Summary The PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used. Details When ProxyOn is enabled, it looks like the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protoc...

5.3CVSS7.3AI score0.00356EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/04/01 10:15 p.m.17 views

CVE-2025-31135

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

5.3CVSS0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/04/01 10:3 p.m.10 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

5.3CVSS7.4AI score0.00356EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/01 10:3 p.m.22 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

5.3CVSS0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/01 10:3 p.m.8 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-14443

Name of the Vulnerable Software and Affected Versions Go-Guerrilla SMTP Daemon versions prior to 1.6.7 Description The issue allows a client to spoof its IP address when the proxy protocol is being used. This occurs because the PROXY command is accepted multiple times, with later invocations...

9.6CVSS7.2AI score0.00872EPSS
Exploits2References22
Rows per page
Query Builder