15 matches found
EUVD-2025-30469
Malicious code in bioql PyPI...
CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
BIT-GOLANG-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
DEBIAN-CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
UBUNTU-CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-47910
CVE-2025-47910 — Normal (detailed) The connected sources confirm a vulnerability in Go’s net/http CrossOriginProtection: the AddInsecureBypassPattern can bypass more requests than intended, causing CrossOriginProtection to skip validation while forwarding the original request path. This may allow...
GO-2025-3955 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the AddInsecureBypassPattern method that may accidentally bypass more requests, resulting in skipping authenticati...
Security update for go1.25
This update for go1.25 fixes the following issues: Update to go1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: go74822 cmd/go: "get toolchain@latest...
Golang 1.24.x < 1.24.7 / 1.25.x < 1.25.1 Insecure Bypass (75054)
The version of Golang running on the remote host is 1.24.x prior to 1.24.7, 1.25.x prior to 1.25.1. It is, therefore, affected by a vulnerability as referenced in 75054 advisory. - When passing patterns to CrossOriginProtection.AddInsecureBypassPattern, requests that would have redirected to thos...
SUSE CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...