2 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CLSA-2026-1776336504 git-lfs: Fix of CVE-2026-25679
Rebuild with Go 1.25.8 to fix Go standard library CVE - CVE-2026-25679: reject invalid IPv6 host literals in net/url.Parse to prevent URL validation bypass...