Lucene search
+L

6 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.6 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

10CVSS7.9AI score0.01945EPSS
Exploits2References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 11:11 a.m.29 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...

8.6CVSS7AI score0.01945EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016497 advisory. The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the...

7.5CVSS7.3AI score0.01945EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 p.m.8 views

AZL-75695 CVE-2025-61726 affecting package golang for versions less than 1.24.12-1

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.2AI score0.01945EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:30 p.m.7 views

CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

5.9AI score0.01945EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder