CVE-2025-22871 - CRITICAL - go/stdlib

Open cedricmillet opened this issue 8 months ago • 0 comments

The last release of redli (v0.15) contains the following vulnerability: CVE-2025-22871

  • Severity: CRITICAL
  • Description: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected package

  • Name: go/stdlib
  • Installed version: 0:1.24.0

An update of this package to the version 1.24.2 is required to fix this CVE.

cedricmillet, Apr 10 '25 10:04
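The strict parsing that the CVE description calls for, as an added example that is not part of the original issue, of redli, or of Go's net/http source: a chunk-size line reader that accepts only CRLF as the terminator and rejects a bare LF. The names `readChunkSizeLine` and `ErrBareLF` and the sample inputs are constructed for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrBareLF reports a chunk-size line whose LF is not preceded by CR.
var ErrBareLF = errors.New("chunk-size line terminated by bare LF")

// readChunkSizeLine reads one line of the form "SIZE[;chunk-ext]CRLF"
// and returns SIZE. Hypothetical helper, not the net/http implementation.
func readChunkSizeLine(r *bufio.Reader) (uint64, error) {
	line, err := r.ReadBytes('\n')
	if err != nil {
		return 0, err
	}
	// The terminator must be exactly CR LF; a lone LF is the CVE's case.
	if len(line) < 2 || line[len(line)-2] != '\r' {
		return 0, ErrBareLF
	}
	line = line[:len(line)-2]
	// A CR anywhere else in the line is also malformed.
	if bytes.IndexByte(line, '\r') >= 0 {
		return 0, errors.New("stray CR in chunk-size line")
	}
	// Drop the optional chunk-ext, then parse the hex size.
	size, _, _ := strings.Cut(string(line), ";")
	return strconv.ParseUint(strings.TrimRight(size, " \t"), 16, 64)
}

func main() {
	// Constructed sample inputs: the first is well-formed, the second
	// ends its chunk-size line with a bare LF.
	for _, in := range []string{"5;ext=1\r\nhello\r\n", "5;ext=1\nhello\r\n"} {
		n, err := readChunkSizeLine(bufio.NewReader(strings.NewReader(in)))
		fmt.Printf("%q -> size=%d err=%v\n", in, n, err)
	}
}
```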