Lucene search
K

85 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.1 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2025-1657)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...

9.1CVSS7AI score0.00724EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/06/09 6:35 p.m.2 views

Security update for go1.23

This update for go1.23 fixes the following issues: go1.23.10 released 2025-06-05 includes security fixes to the /http and os packages, as well as bug fixes to the linker. bsc1229122 go1.23 release tracking CVE-2025-0913 CVE-2025-4673 CVE-2025-0913: os: inconsistent handling of OCREATE|OEXCL on Un...

8.9CVSS7.3AI score0.0056EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2025/06/09 1:44 p.m.6 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/09 10:19 a.m.3 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/09 10:18 a.m.16 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2025/06/04 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-82090f2bcc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.00938EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:30 a.m.10 views

CVE-2023-27077

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...

7.5CVSS6.8AI score0.01604EPSS
Exploits1References1
Redos
Redos
added 2025/04/17 12:0 a.m.16 views

ROS-20250417-08

A vulnerability in the net/http package of the Go programming language is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.1CVSS7.8AI score0.00724EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/16 12:0 a.m.8 views

Fedora 41 : golang (2025-77ace1a41b)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-77ace1a41b advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog. Tenable has extracted the...

9.1CVSS7.3AI score0.01001EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:6 a.m.75 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...

9.8CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
OSV
OSV
added 2025/04/10 7:19 a.m.11 views

BIT-GOLANG-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS7.8AI score0.00724EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/04/10 1:6 a.m.6 views

golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...

6.1CVSS7.2AI score0.00647EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.8 views

The vulnerability of the Go programming language’s net/http package, related to deficiencies in HTTP request processing, allows attackers to execute arbitrary code.

The vulnerability of the net/http package in the Go programming language is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.4CVSS7.3AI score0.00724EPSS
Exploits0References6Affected Software6
OSV
OSV
added 2025/04/08 8:15 p.m.11 views

CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

6.2AI score
Exploits0References5
Cvelist
Cvelist
added 2025/04/08 8:4 p.m.53 views

CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

0.00724EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/08 8:4 p.m.27 views

CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.4AI score0.00724EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/04/08 8:4 p.m.19 views

CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
CVE
CVE
added 2025/04/08 8:4 p.m.356 views

CVE-2025-22871

CVE-2025-22871 affects the Go net/http package and describes a vulnerability where a bare LF in chunked transfer encoding can be misinterpreted as part of a chunk-ext, enabling request smuggling when paired with a server/proxy that also accepts bare LFs in extensions. Connected documents confirm ...

9.1CVSS6.9AI score0.00724EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/04/08 8:4 p.m.13 views

CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.6AI score0.00724EPSS
Exploits0
OSV
OSV
added 2025/04/08 7:46 p.m.18 views

GO-2025-3563 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.2AI score0.00724EPSS
Exploits0References3
Rows per page
Query Builder