FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-29 21:10:00 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
704aa72a-d840-11ef-a205-901b0e9408dc | go -- multiple vulnerabilities

The Go project reports:

crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain.

net/http: sensitive headers incorrectly sent after cross-domain redirect

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com.


Discovery 2025-01-07
Entry 2025-01-21
go122
< 1.22.11

go123
< 1.23.5

CVE-2024-45341
CVE-2024-45336
https://go.dev/issue/71156
https://go.dev/issue/70530
b0374722-3912-11ef-a77e-901b0e9408dc | go -- net/http: denial of service due to improper 100-continue handling

The Go project reports:

net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.


Discovery 2024-07-02
Entry 2024-07-03
go122
< 1.22.5

go121
< 1.21.12

CVE-2024-24791
https://go.dev/issue/67555