CVE-2022-1996 — Authorization Bypass Through User-Controlled Key in Go-restful

CWE-639 — Authorization Bypass Through User-Controlled Key CWE-1341 — Multiple Releases of Same Resource or Handle CWE-825 — Expired Pointer Dereference CWE-20 — Improper Input Validation CWE-430 — Deployment of Wrong Handler CWE-362 — Race Condition CWE-476 — NULL Pointer Dereference CWE-416 — Use After Free CWE-787 — Out-of-bounds Write CWE-544 — Missing Standardized Error Handling Mechanism CWE-826 — Premature Release of Resource During Expected Lifetime CWE-823 — Use of Out-of-range Pointer Offset35 documents7 sources

Severity

9.1CRITICALNVD

EPSS

1.0%

top 23.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Emicklei Go-restful Github.com Emicklei Go-restful Github.com Emicklei Go-restful V3 +11 more

Timeline

PublishedJun 8

Latest updateDec 24

Description

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages13 packages

▶Gogithub.com/emicklei_go-restful< 2.16.0+1

▶Gogithub.com/emicklei_go-restful_v33.0.0 — 3.8.0

▶debiandebian/golang-github-emicklei-go-restful< golang-github-emicklei-go-restful 3.10.2-1 (bookworm)

▶Gogithub.com/emicklei_go-restful_v22.7.1+1

▶CVEListV5emicklei/emicklei_go-restfulunspecified — v3.8.0

Also affects: Fedora 35, 36

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

wifi: mt76: do not run mt76u_status_worker if the device is not running↗2025-12-24

▶

OSV

Authorization bypass in github.com/emicklei/go-restful, go-restful/v2 and go-restful/v3↗2022-08-15

▶

OSV

Authorization Bypass Through User-Controlled Key in go-restful↗2022-06-09

▶

GHSA

Authorization Bypass Through User-Controlled Key in go-restful↗2022-06-09

▶

OSV

CVE-2022-1996: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3↗2022-06-08

▶

📋Vendor Advisories

Red Hat

kernel: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out↗2025-12-24

▶

Red Hat

kernel: dm thin: Use last transaction's pmd->root when commit failed↗2025-10-07

▶

Red Hat

kernel: wifi: ath9k: verify the expected usb_endpoints are present↗2025-09-15

▶

Red Hat

kernel: media: mceusb: Use new usb_control_msg_*() routines↗2025-06-18

▶

Red Hat

kernel: net, neigh: Fix null-ptr-deref in neigh_table_clear()↗2025-05-01

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50885 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶