
Critical vulnerability in stdlib 1.24.1 in docker.io/traefik/whoami:v1.11.0 (CVE-2025-22871)

Open devkSerge opened this issue 4 months ago • 1 comments

Welcome!

  • [x] Yes, I've searched similar issues on GitHub and didn't find any.

What did you expect to see?

Hi, AquaSec found a critical vulnerability in whoami:v1.11.0 - stdlib 1.24.1 (CVE-2025-22871):

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Installed Resource: stdlib 1.24.1
Full Path To Resource: whoami
Fixed Version: 1.23.8, 1.24.2
Published by NVD: 2025-04-08
CVSS Score: NVD CVSSv3 9.1
Recommendations: Remediation Upgrade package stdlib to version 1.23.8,1.24.2 or above.
Mitigation: N/A

Is it possible to run a new Docker build?

Thanks

devkSerge, Aug 20 '25 07:08
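The parsing rule behind the finding quoted above, as an added example that is not part of the issue and is not code from whoami or from Go's net/http: a chunked-body decoder that accepts only CRLF after a chunk-size line and rejects a bare LF. The names `DecodeStrict` and `ErrBareLF` are hypothetical, the sample body is constructed, and trailer fields are assumed absent.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
)

// ErrBareLF: a chunk-size line ended in LF with no CR before it.
var ErrBareLF = errors.New("chunk-size line terminated by bare LF")

// DecodeStrict returns the payload of a raw chunked body, accepting CRLF only.
func DecodeStrict(body []byte) ([]byte, error) {
	var out []byte
	for {
		i := bytes.IndexByte(body, '\n')
		if i < 0 {
			return nil, errors.New("truncated chunk-size line")
		}
		if i == 0 || body[i-1] != '\r' {
			return nil, ErrBareLF
		}
		line := body[:i-1] // chunk-size [; chunk-ext] with the CRLF removed
		if bytes.IndexByte(line, '\r') >= 0 {
			return nil, errors.New("bare CR in chunk-size line")
		}
		if j := bytes.IndexByte(line, ';'); j >= 0 {
			line = line[:j] // extension text is ignored after the CR check
		}
		n, err := strconv.ParseUint(string(bytes.TrimRight(line, " \t")), 16, 32)
		if err != nil {
			return nil, fmt.Errorf("bad chunk size %q: %w", line, err)
		}
		body = body[i+1:]
		if n == 0 && bytes.Equal(body, []byte("\r\n")) {
			return out, nil // last-chunk followed by the final CRLF
		}
		if n == 0 || uint64(len(body)) < n+2 || string(body[n:n+2]) != "\r\n" {
			return nil, errors.New("chunk or last chunk not followed by CRLF")
		}
		out = append(out, body[:n]...)
		body = body[n+2:]
	}
}

func main() { // constructed sample: the first chunk-size line ends in LF only
	fmt.Println(DecodeStrict([]byte("5\nhello\r\n0\r\n\r\n")))
}
```

Two parsers in the same request path that disagree on this terminator see different chunk boundaries, which is the disagreement the advisory text describes.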

Hello, any news regarding this request? I have the same problem and would need an update, otherwise I have to rebuild the Docker image myself.

thanks

eddyacthergal, Nov 28 '25 11:11