Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from cleanstart
Published
2026-02-25 00:50
Modified
2026-02-24 09:23
Summary
Cancelling a query (e
Details
Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. Cancelling a query (e. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kyverno-policy-reporter-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. Cancelling a query (e. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PM90259",
"modified": "2026-02-24T09:23:19Z",
"published": "2026-02-25T00:50:43.010672Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PM90259.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0913"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2464-8j7c-4cjm"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0913"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cancelling a query (e",
"upstream": [
"CVE-2025-0913",
"CVE-2025-4673",
"CVE-2025-47907",
"GHSA-2464-8j7c-4cjm"
]
}
GHSA-2464-8J7C-4CJM
Vulnerability from github – Published: 2025-08-21 14:37 – Updated: 2026-01-27 21:01
VLAI?
Summary
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Details
Summary
Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.
Details
OpenBao (and presumably HashiCorp Vault) have surfaced error messages from mapstructure as follows:
https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50
_, _, err := d.getPrimitive(field, schema)
if err != nil {
return fmt.Errorf("error converting input for field %q: %w", field, err)
}
where this calls mapstructure.WeakDecode(...): https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193
func (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {
raw, ok := d.Raw[k]
if !ok {
return nil, false, nil
}
switch t := schema.Type; t {
case TypeBool:
var result bool
if err := mapstructure.WeakDecode(raw, &result); err != nil {
return nil, false, err
}
return result, true, nil
Notably, WeakDecode(...) eventually calls one of the decode helpers, which surfaces the original value via strconv helpers:
https://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L720-L727
https://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L791-L798
https://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/decode_hooks.go#L180
& more. These are different code paths than are fixed in the previous iteration at https://github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h.
PoC
To reproduce with OpenBao:
$ podman run --pull=always -p 8300:8300 openbao/openbao:latest server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8300
and in a new tab:
$ BAO_TOKEN=root BAO_ADDR=http://localhost:8300 bao auth enable userpass
Success! Enabled userpass auth method at: userpass/
$ curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: root" -d '{"ttl":"asdf"}' "http://localhost:8200/v1/auth/userpass/users/asdf"
--> server logs:
2025-06-25T21:32:25.101-0500 [ERROR] core: failed to run existence check: error="error converting input for field \"ttl\": time: invalid duration \"asdf\""
Impact
This is an information disclosure bug with little mitigation. See https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 for a previous version. That version was fixed, but this is in the second part of that error message (starting at '' expected a map, got 'string' -- when the field type is string and a map is provided, we see the above information leak -- the previous example had a map type field with a string value provided).
This was rated 4.5 Medium by HashiCorp in the past iteration.
Severity ?
5.3 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/go-viper/mapstructure/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-11065"
],
"database_specific": {
"cwe_ids": [
"CWE-117"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-21T14:37:19Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nUse of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.\n\n### Details\n\nOpenBao (and presumably HashiCorp Vault) have surfaced error messages from `mapstructure` as follows:\n\nhttps://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50\n\n```go\n\t\t\t_, _, err := d.getPrimitive(field, schema)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"error converting input for field %q: %w\", field, err)\n\t\t\t}\n```\n\nwhere this calls `mapstructure.WeakDecode(...)`: https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193\n\n```go\n\nfunc (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {\n\traw, ok := d.Raw[k]\n\tif !ok {\n\t\treturn nil, false, nil\n\t}\n\n\tswitch t := schema.Type; t {\n\tcase TypeBool:\n\t\tvar result bool\n\t\tif err := mapstructure.WeakDecode(raw, \u0026result); err != nil {\n\t\t\treturn nil, false, err\n\t\t}\n\t\treturn result, true, nil\n```\n\nNotably, `WeakDecode(...)` eventually calls one of the decode helpers, which surfaces the original value via `strconv` helpers:\n\nhttps://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L720-L727\n\nhttps://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L791-L798\n\nhttps://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/decode_hooks.go#L180\n\n\u0026 more. These are different code paths than are fixed in the previous iteration at https://github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h.\n\n### PoC\n\nTo reproduce with OpenBao:\n\n```\n$ podman run --pull=always -p 8300:8300 openbao/openbao:latest server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8300\n```\n\nand in a new tab:\n\n```\n$ BAO_TOKEN=root BAO_ADDR=http://localhost:8300 bao auth enable userpass\nSuccess! Enabled userpass auth method at: userpass/\n$ curl -X PUT -H \"X-Vault-Request: true\" -H \"X-Vault-Token: root\" -d \u0027{\"ttl\":\"asdf\"}\u0027 \"http://localhost:8200/v1/auth/userpass/users/asdf\"\n\n--\u003e server logs:\n\n2025-06-25T21:32:25.101-0500 [ERROR] core: failed to run existence check: error=\"error converting input for field \\\"ttl\\\": time: invalid duration \\\"asdf\\\"\"\n```\n\n### Impact\n\nThis is an information disclosure bug with little mitigation. See https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 for a previous version. That version was fixed, but this is in the second part of that error message (starting at `\u0027\u0027 expected a map, got \u0027string\u0027` -- when the field type is `string` and a `map` is provided, we see the above information leak -- the previous example had a `map` type field with a `string` value provided).\n\nThis was rated 4.5 Medium by HashiCorp in the past iteration.",
"id": "GHSA-2464-8j7c-4cjm",
"modified": "2026-01-27T21:01:22Z",
"published": "2025-08-21T14:37:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11065"
},
{
"type": "WEB",
"url": "https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-11065"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391829"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-viper/mapstructure"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3900"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "go-viper\u0027s mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data"
}
CVE-2025-47907 (GCVE-0-2025-47907)
Vulnerability from cvelistv5 – Published: 2025-08-07 15:25 – Updated: 2025-11-04 21:10
VLAI?
EPSS
Title
Incorrect results returned from Rows.Scan in database/sql
Summary
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Go standard library | database/sql |
Affected:
0 , < 1.23.12
(semver)
Affected: 1.24.0 , < 1.24.6 (semver) |
Credits
Spike Curtis from Coder
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T15:45:26.297503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T15:48:03.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:56.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/06/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "database/sql",
"product": "database/sql",
"programRoutines": [
{
"name": "Rows.Scan"
},
{
"name": "Row.Scan"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.6",
"status": "affected",
"version": "1.24.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Spike Curtis from Coder"
}
],
"descriptions": [
{
"lang": "en",
"value": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T15:25:30.704Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/693735"
},
{
"url": "https://go.dev/issue/74831"
},
{
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"title": "Incorrect results returned from Rows.Scan in database/sql"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-47907",
"datePublished": "2025-08-07T15:25:30.704Z",
"dateReserved": "2025-05-13T23:31:29.597Z",
"dateUpdated": "2025-11-04T21:10:56.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0913 (GCVE-0-2025-0913)
Vulnerability from cvelistv5 – Published: 2025-06-11 17:17 – Updated: 2025-06-11 17:37
VLAI?
EPSS
Title
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
Summary
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity ?
5.5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Go standard library | syscall |
Affected:
0 , < 1.23.10
(semver)
Affected: 1.24.0-0 , < 1.24.4 (semver) |
|||||||
|
|||||||||
Credits
Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:35:44.313980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:37:52.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "syscall",
"platforms": [
"windows"
],
"product": "syscall",
"programRoutines": [
{
"name": "Open"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.4",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "os",
"platforms": [
"windows"
],
"product": "os",
"programRoutines": [
{
"name": "OpenFile"
},
{
"name": "Root.OpenFile"
},
{
"name": "Chdir"
},
{
"name": "Chmod"
},
{
"name": "Chown"
},
{
"name": "CopyFS"
},
{
"name": "Create"
},
{
"name": "CreateTemp"
},
{
"name": "File.ReadDir"
},
{
"name": "File.Readdir"
},
{
"name": "File.Readdirnames"
},
{
"name": "Getwd"
},
{
"name": "Lchown"
},
{
"name": "Link"
},
{
"name": "Lstat"
},
{
"name": "Mkdir"
},
{
"name": "MkdirAll"
},
{
"name": "MkdirTemp"
},
{
"name": "NewFile"
},
{
"name": "Open"
},
{
"name": "OpenInRoot"
},
{
"name": "OpenRoot"
},
{
"name": "Pipe"
},
{
"name": "ReadDir"
},
{
"name": "ReadFile"
},
{
"name": "Remove"
},
{
"name": "RemoveAll"
},
{
"name": "Rename"
},
{
"name": "Root.Create"
},
{
"name": "Root.Lstat"
},
{
"name": "Root.Mkdir"
},
{
"name": "Root.Open"
},
{
"name": "Root.OpenRoot"
},
{
"name": "Root.Remove"
},
{
"name": "Root.Stat"
},
{
"name": "StartProcess"
},
{
"name": "Stat"
},
{
"name": "Symlink"
},
{
"name": "Truncate"
},
{
"name": "WriteFile"
},
{
"name": "dirFS.Open"
},
{
"name": "dirFS.ReadDir"
},
{
"name": "dirFS.ReadFile"
},
{
"name": "dirFS.Stat"
},
{
"name": "rootFS.Open"
},
{
"name": "rootFS.ReadDir"
},
{
"name": "rootFS.ReadFile"
},
{
"name": "rootFS.Stat"
},
{
"name": "unixDirent.Info"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.4",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Junyoung Park and Dong-uk Kim of KAIST Hacking Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:17:25.606Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/672396"
},
{
"url": "https://go.dev/issue/73702"
},
{
"url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3750"
}
],
"title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-0913",
"datePublished": "2025-06-11T17:17:25.606Z",
"dateReserved": "2025-01-30T21:52:33.447Z",
"dateUpdated": "2025-06-11T17:37:52.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4673 (GCVE-0-2025-4673)
Vulnerability from cvelistv5 – Published: 2025-06-11 16:42 – Updated: 2025-06-11 17:59
VLAI?
EPSS
Title
Sensitive headers not cleared on cross-origin redirect in net/http
Summary
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity ?
6.8 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.23.10
(semver)
Affected: 1.24.0-0 , < 1.24.4 (semver) |
Credits
Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-4673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:59:02.225500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:59:48.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "Client.makeHeadersCopier"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.4",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T16:42:53.054Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/679257"
},
{
"url": "https://go.dev/issue/73816"
},
{
"url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3751"
}
],
"title": "Sensitive headers not cleared on cross-origin redirect in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-4673",
"datePublished": "2025-06-11T16:42:53.054Z",
"dateReserved": "2025-05-13T23:30:53.327Z",
"dateUpdated": "2025-06-11T17:59:48.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…