Lucene search
+L

75 matches found

OSV
OSV
added 2025/03/12 10:6 p.m.12 views

GHSA-QXP5-GWG8-XV66 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.2AI score0.00393EPSS
Exploits2References8
NVD
NVD
added 2025/03/12 7:15 p.m.23 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS0.00393EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2025/03/12 7:15 p.m.4 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.7AI score0.00393EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2025/03/12 7:15 p.m.7 views

AZL-58413 CVE-2025-22870 affecting package prometheus-process-exporter for versions less than 0.8.2-2

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.6 views

AZL-58472 CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.10 views

AZL-58392 CVE-2025-22870 affecting package golang for versions less than 1.22.7-4

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.5 views

AZL-58440 CVE-2025-22870 affecting package telegraf for versions less than 1.29.4-15

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.8 views

AZL-58402 CVE-2025-22870 affecting package vitess for versions less than 17.0.7-7

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.13 views

AZL-58396 CVE-2025-22870 affecting package packer for versions less than 1.9.5-12

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.22 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

6.2AI score
Exploits0References5
OSV
OSV
added 2025/03/12 7:15 p.m.4 views

DEBIAN-CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.3AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.6 views

AZL-58446 CVE-2025-22870 affecting package git-lfs for versions less than 3.6.1-2

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.10 views

AZL-58404 CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-5

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00393EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.13 views

UBUNTU-CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.7AI score0.00393EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/03/12 6:27 p.m.51 views

CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

0.00393EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2025/03/12 6:27 p.m.22 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.3AI score0.00393EPSS
Exploits2
CVE
CVE
added 2025/03/12 6:27 p.m.343 views

CVE-2025-22870

CVE-2025-22870 has concrete details across connected docs: it impacts multiple Go-related packages (notably golang) and related ecosystems via a proxy matching bug. The flaw arises when IPv6 zone IDs are misinterpreted as hostname components in NO_PROXY, causing requests to [::1%25.example.com] t...

4.4CVSS6.4AI score0.00393EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2025/03/12 6:27 p.m.17 views

CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

6.6AI score0.00393EPSS
Exploits2References4
AlpineLinux
AlpineLinux
added 2025/03/12 6:27 p.m.20 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.8AI score0.00393EPSS
Exploits2
OSV
OSV
added 2025/03/12 6:17 p.m.49 views

GO-2025-3503 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.2AI score0.00393EPSS
Exploits2References3
Rows per page
Query Builder