RLSA-2025:9845 Moderate: weldr-client security update

Command line utility to control osbuild-composer Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer t...

ROS-20241024-01

A vulnerability in the net/http module of the Go programming language is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

USN-7081-1 golang-1.22 vulnerabilities

It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. CVE-2024-24791 It was discovered that the Go parser module did not...

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

USN-6574-1 Go vulnerabilities

Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...