2 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
OpenClaw Server-Side Request Forgery Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability. The vulnerability stems from the fact that SSRF protection can be bypassed using a full form IPv4 mapping IPv6 literal, which can be exploited by an attacke...