3 matches found
AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...
AZL-69164 CVE-2025-61724 affecting package msft-golang 1.24.13-1
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
AZL-63866 CVE-2025-4673 affecting package msft-golang for versions less than 1.24.1-3
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...