CVE-2025-47910
published 2025-09-22CVE-2025-47910: When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then…
PriorityP431medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
EPSS
0.31%
22.4th percentile
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.25 1.25.1-1 (forky) | golang-1.25 1.25.1-1 (forky) |
| debian | golang-1.19 | < golang-1.25 1.25.1-1 (forky) | golang-1.25 1.25.1-1 (forky) |
| debian | golang-1.24 | < golang-1.25 1.25.1-1 (forky) | golang-1.25 1.25.1-1 (forky) |
| debian | golang-1.25 | < golang-1.25 1.25.1-1 (forky) | golang-1.25 1.25.1-1 (forky) |
| go_standard_library | net_http | >= 1.25.0 < 1.25.1 | 1.25.1 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
osv5.4MEDIUM
vendor_debian5.4LOW
vendor_redhat5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
osv·2025-09-22
CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
OSV
CVE-2025-47910: When using http
osv·2025-09-22·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910: When using http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
GHSA
GHSA-8pjc-487g-w6p2: When using http
ghsa_unreviewed·2025-09-22
CVE-2025-47910 [MEDIUM] GHSA-8pjc-487g-w6p2: When using http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Red Hat
net/http: CrossOriginProtection bypass in net/http
vendor_redhat·2025-09-22·CVSS 5.4
CVE-2025-47910 [MEDIUM] CWE-440 net/http: CrossOriginProtection bypass in net/http
net/http: CrossOriginProtection bypass in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Mitigation: Mitigation for this issue is either not available or
Debian
CVE-2025-47910: golang-1.15 - When using http.CrossOriginProtection, the AddInsecureBypassPattern method can u...
vendor_debian·2025·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910: golang-1.15 - When using http.CrossOriginProtection, the AddInsecureBypassPattern method can u...
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Scope: local
bullseye: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-10]
bugzilla·2026-06-12·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-10]
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-10]
+++ This bug was initially created as a clone of Bug #2398339 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [fedora-43]
bugzilla·2026-06-12·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [fedora-43]
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [fedora-43]
+++ This bug was initially created as a clone of Bug #2398339 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-47910 golang-ariga-atlas: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-ariga-atlas: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-ariga-atlas: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 gphotosdl: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gphotosdl: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gphotosdl: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 golang-gvisor: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-gvisor: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-gvisor: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-github-bobesa-domain-util: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-bobesa-domain-util: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-bobesa-domain-util: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 golang-github-apache-beam-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-apache-beam-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-apache-beam-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 htmltest: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 htmltest: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 htmltest: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 golang-github-nats-io-streaming-server: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-nats-io-streaming-server: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-nats-io-streaming-server: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47910 golang-github-tenox7-wrp: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-tenox7-wrp: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-tenox7-wrp: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47910 golang-github-mholt-archiver: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-mholt-archiver: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-mholt-archiver: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 cri-tools1.29: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-tools1.29: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-tools1.29: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-8]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-8]
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
The latest syncthing package in EPEL 10 was built with golang 1.23, while this issue was only introduced in 1.25.0 (and fixed in 1.25.1).
Bugzilla
CVE-2025-47910 cri-tools1.32: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-tools1.32: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-tools1.32: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 gmailctl: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gmailctl: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gmailctl: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 golang-github-haproxytech-client-native: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-haproxytech-client-native: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-haproxytech-client-native: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-10]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-10]
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
The latest syncthing package in EPEL 10 was built with golang 1.24.4, while this issue was only introduced in 1.25.0 (and fixed in 1.25.1).
Bugzilla
CVE-2025-47910 golang-github-zmap-zcertificate: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-zmap-zcertificate: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-zmap-zcertificate: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 golang-github-intel-goresctrl: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-intel-goresctrl: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-intel-goresctrl: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 golang-github-grpc-ecosystem-gateway: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-grpc-ecosystem-gateway: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-grpc-ecosystem-gateway: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47910 golang-github-git-5: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-git-5: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-git-5: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 gron: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gron: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gron: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from r
Bugzilla
CVE-2025-47910 golang-github-aws-lambda: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-aws-lambda: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-aws-lambda: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47910 deepin-daemon: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 deepin-daemon: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 deepin-daemon: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-x-text: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-text: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-text: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-github-erkexzcx-valetudopng: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-erkexzcx-valetudopng: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-erkexzcx-valetudopng: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47910 golang-github-uber-athenadriver: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-uber-athenadriver: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-uber-athenadriver: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 golang-github-redteampentesting-monsoon: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-redteampentesting-monsoon: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-redteampentesting-monsoon: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47910 golang-github-hashicorp-msgpack: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-hashicorp-msgpack: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-hashicorp-msgpack: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 golang-github-schollz-croc: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-schollz-croc: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-schollz-croc: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 exercism: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 exercism: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 exercism: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 golang-github-google-pprof: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-google-pprof: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-google-pprof: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 lw-cli: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 lw-cli: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 lw-cli: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 cri-o1.30: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-o1.30: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-o1.30: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 cheat: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cheat: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cheat: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 ignition: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 ignition: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 ignition: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 golang-github-cloudflare: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-cloudflare: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-cloudflare: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47910 golang-github-prometheus-prom2json: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-prometheus-prom2json: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-prometheus-prom2json: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47910 asnmap: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 asnmap: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 asnmap: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 gopls: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gopls: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gopls: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-9]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-9]
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
The latest syncthing package in EPEL 9 was built with golang 1.24.4, while this issue was only introduced in 1.25.0 (and fixed in 1.25.1).
Bugzilla
CVE-2025-47910 golang-k8s-kube-openapi: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-kube-openapi: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-kube-openapi: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47910 golang-github-rubenv-sql-migrate: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-rubenv-sql-migrate: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-rubenv-sql-migrate: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 mlpack: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 mlpack: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 mlpack: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 golang-github-grpc-ecosystem-gateway-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-grpc-ecosystem-gateway-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-grpc-ecosystem-gateway-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47910 kata-containers: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 kata-containers: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 kata-containers: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47910 golang-github-theoapp-theo-agent: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-theoapp-theo-agent: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-theoapp-theo-agent: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 golang-github-jsonnet-bundler: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-jsonnet-bundler: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-jsonnet-bundler: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 image-builder: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 image-builder: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 image-builder: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 direnv: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 direnv: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 direnv: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 toxcore: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 toxcore: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 toxcore: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fro
Bugzilla
CVE-2025-47910 golang-google-appengine: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-google-appengine: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-google-appengine: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47910 golang-github-nats-io-jwt-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-nats-io-jwt-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-nats-io-jwt-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 kappanhang: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 kappanhang: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 kappanhang: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 golang-github-liamg-scout: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-liamg-scout: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-liamg-scout: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-47910 golang-entgo-ent: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-entgo-ent: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-entgo-ent: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47910 kubernetes1.30: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 kubernetes1.30: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 kubernetes1.30: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47910 golang-k8s-sample-controller: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-sample-controller: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-sample-controller: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 manifest-tool: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 manifest-tool: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 manifest-tool: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-github-acme-lego: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-acme-lego: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-acme-lego: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47910 tinygo: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 tinygo: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 tinygo: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 golang-github-niklasfasching-org: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-niklasfasching-org: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-niklasfasching-org: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 golang-k8s-sample-apiserver: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-sample-apiserver: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-sample-apiserver: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 golang-github-kyokomi-emoji: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-kyokomi-emoji: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-kyokomi-emoji: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 golang-uber-mock: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-uber-mock: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-uber-mock: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47910 shellz: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 shellz: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 shellz: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 helm: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 helm: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 helm: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from r
Bugzilla
CVE-2025-47910 golang-github-vmware-govmomi: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-vmware-govmomi: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-vmware-govmomi: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 golang-github-google-martian: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-google-martian: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-google-martian: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 golang-x-vuln: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-vuln: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-vuln: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 cri-tools1.30: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-tools1.30: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-tools1.30: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 whisper-cpp: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 whisper-cpp: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 whisper-cpp: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 golang-mongodb-mongo-driver: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-mongodb-mongo-driver: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-mongodb-mongo-driver: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 osbuild-composer: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 osbuild-composer: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 osbuild-composer: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47910 golang-github-pdfcpu: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-pdfcpu: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-pdfcpu: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47910 golang-github-temoto-robotstxt: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-temoto-robotstxt: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-temoto-robotstxt: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47910 matterbridge: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 matterbridge: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 matterbridge: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-47910 forgejo: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 forgejo: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 forgejo: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fro
Bugzilla
CVE-2025-47910 golang-github-mailru-easyjson: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-mailru-easyjson: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-mailru-easyjson: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 grafana-pcp: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 grafana-pcp: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 grafana-pcp: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 golang-github-moby-swarmkit-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-moby-swarmkit-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-moby-swarmkit-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 golang-github-rogpeppe-internal: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-rogpeppe-internal: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-rogpeppe-internal: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 deepin-pw-check: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 deepin-pw-check: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 deepin-pw-check: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47910 golang-github-rootless-containers-rootlesskit: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-rootless-containers-rootlesskit: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-rootless-containers-rootlesskit: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-47910 golang-x-mobile: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-mobile: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-mobile: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47910 google-guest-agent: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 google-guest-agent: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 google-guest-agent: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 dnsx: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 dnsx: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 dnsx: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from r
Bugzilla
CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47910 golang-github-task: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-task: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-task: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 anubis: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 anubis: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 anubis: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 deepin-api: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 deepin-api: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 deepin-api: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 golang-github-shopify-sarama: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-shopify-sarama: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-shopify-sarama: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 cri-tools: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-tools: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-tools: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 golang-github-hexdigest-gowrap: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-hexdigest-gowrap: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-hexdigest-gowrap: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47910 golang-github-googleapis-gnostic: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-googleapis-gnostic: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-googleapis-gnostic: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 golang-github-containerd-fuse-overlayfs-snapshotter: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-containerd-fuse-overlayfs-snapshotter: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-containerd-fuse-overlayfs-snapshotter: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-47910 golang-github-cockroachdb-pebble: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-cockroachdb-pebble: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-cockroachdb-pebble: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 yggdrasil: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 yggdrasil: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 yggdrasil: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 golang-github-deepmap-oapi-codegen: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-deepmap-oapi-codegen: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-deepmap-oapi-codegen: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47910 golang-github-nicksnyder-i18n-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-nicksnyder-i18n-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-nicksnyder-i18n-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 golang-x-debug: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-debug: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-debug: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47910 golang-github-chromedp: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-chromedp: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-chromedp: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47910 golang-x-tools: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-tools: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-tools: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47910 ollama: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 ollama: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 ollama: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 dnscrypt-proxy: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 dnscrypt-proxy: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 dnscrypt-proxy: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47910 trustee-guest-components: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 trustee-guest-components: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 trustee-guest-components: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47910 golang-github-rakyll-statik: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-rakyll-statik: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-rakyll-statik: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 transifex-client: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 transifex-client: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 transifex-client: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-9]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-9]
CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-47910 golang-github-instrumenta-kubeval: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-instrumenta-kubeval: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-instrumenta-kubeval: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 qt5-qtwebengine: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 qt5-qtwebengine: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 qt5-qtwebengine: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-47910 golang-github-geertjohan-rice: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-geertjohan-rice: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-geertjohan-rice: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 aerc: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 aerc: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 aerc: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from r
Bugzilla
CVE-2025-47910 golang-github-aliyun-cli: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-aliyun-cli: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-aliyun-cli: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47910 golang-github-valyala-fasthttp: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-valyala-fasthttp: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-valyala-fasthttp: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47910 reg: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 reg: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 reg: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from re
Bugzilla
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-9]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-9]
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This vulnerability was introduced in golang 1.25.0. The current epel9 build was built with golang 1.19.13, and thus is not affected.
Bugzilla
CVE-2025-47910 golang-k8s-kube-aggregator: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-kube-aggregator: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-kube-aggregator: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 golang-github-facebookincubator-go2chef: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-facebookincubator-go2chef: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-facebookincubator-go2chef: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47910 golang-github-pelletier-toml: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-pelletier-toml: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-pelletier-toml: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 etcd: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 etcd: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 etcd: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from r
Bugzilla
CVE-2025-47910 golang-github-theupdateframework-notary: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-theupdateframework-notary: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-theupdateframework-notary: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47910 google-osconfig-agent: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 google-osconfig-agent: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 google-osconfig-agent: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-47910 startdde: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 startdde: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 startdde: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 butane: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 butane: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 butane: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 nats-server: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 nats-server: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 nats-server: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 golang-k8s-code-generator: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-code-generator: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-code-generator: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-47910 golang-github-haproxytech-dataplaneapi: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-haproxytech-dataplaneapi: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-haproxytech-dataplaneapi: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47910 golang-github-colinmarc-hdfs-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-colinmarc-hdfs-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-colinmarc-hdfs-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-47910 cri-tools1.34: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-tools1.34: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-tools1.34: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-github-gocolly-colly-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-gocolly-colly-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-gocolly-colly-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 golang-github-path-network-mmproxy: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-path-network-mmproxy: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-path-network-mmproxy: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47910 golang-github-projectdiscovery-chaos-client: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-projectdiscovery-chaos-client: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-projectdiscovery-chaos-client: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47910 golang-k8s-apiextensions-apiserver: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-apiextensions-apiserver: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-apiextensions-apiserver: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47910 cri-tools1.31: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-tools1.31: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-tools1.31: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-github-pact-foundation: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-pact-foundation: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-pact-foundation: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 golang-k8s-pod-security-admission: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-k8s-pod-security-admission: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-k8s-pod-security-admission: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-47910 golang-github-francoispqt-gojay: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-francoispqt-gojay: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-francoispqt-gojay: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 snapd: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 snapd: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 snapd: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 golang-github-distribution-3: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-distribution-3: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-distribution-3: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 golang-github-letsencrypt-pebble: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-letsencrypt-pebble: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-letsencrypt-pebble: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
this CVE was assigned to the wrong package
---
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora
Bugzilla
CVE-2025-47910 golang-github-cloudflare-redoctober: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-cloudflare-redoctober: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-cloudflare-redoctober: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-47910 netdata: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 netdata: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 netdata: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fro
Bugzilla
CVE-2025-47910 vhs: CrossOriginProtection bypass in net/http [fedora-43]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 vhs: CrossOriginProtection bypass in net/http [fedora-43]
CVE-2025-47910 vhs: CrossOriginProtection bypass in net/http [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
https://pkg.go.dev/vuln/GO-2025-3955
This CVE affects golang apps built with golang "from go1.25.0 before go1.25.1", so really just golang 1.25.0 exactly. Here is the status across all current Fedora versions.
*
Bugzilla
CVE-2025-47910 golang-github-mock: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-mock: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-mock: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 golang-mvdan-xurls: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-mvdan-xurls: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-mvdan-xurls: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-10]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-10]
CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-47910 hut: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 hut: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 hut: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from re
Bugzilla
CVE-2025-47910 yubihsm-connector: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 yubihsm-connector: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 yubihsm-connector: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-47910 miller: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 miller: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 miller: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 golang-github-schollz-cli-2: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-schollz-cli-2: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-schollz-cli-2: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 golang-github-gobwas-ws: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-gobwas-ws: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-gobwas-ws: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-47910 gvisor-tap-vsock: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gvisor-tap-vsock: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gvisor-tap-vsock: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Fixed in go 1.25.1 and go 1.24.7. Should be enough to rebuild gvisor-tap-vsock with one of the fixed versions (haven’t checked if the vulnerability itself is a concern for it).
https://groups.google.co
Bugzilla
CVE-2025-47910 golang-github-tdewolff-minify: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-tdewolff-minify: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-tdewolff-minify: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 golang-github-facebookincubator-contest: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-facebookincubator-contest: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-facebookincubator-contest: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-47910 nebula: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 nebula: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 nebula: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 golang-github-facebookincubator-dhcplb: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-facebookincubator-dhcplb: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-facebookincubator-dhcplb: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-47910 OliveTin: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 OliveTin: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 OliveTin: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 grafana: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 grafana: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 grafana: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fro
Bugzilla
CVE-2025-47910 golang-x-exp: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-exp: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-exp: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-47910 suseconnect-ng: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 suseconnect-ng: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 suseconnect-ng: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47910 golang-github-markbates-pkger: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-markbates-pkger: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-markbates-pkger: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 git-credential-oauth: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 git-credential-oauth: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 git-credential-oauth: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47910 golang-github-envoyproxy-protoc-gen-validate: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-envoyproxy-protoc-gen-validate: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-envoyproxy-protoc-gen-validate: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-47910 golang-github-hashicorp-hc-install: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-hashicorp-hc-install: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-hashicorp-hc-install: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-47910 golang-oras: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-oras: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-oras: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 vultr: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 vultr: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 vultr: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 yq: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 yq: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 yq: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from rel
Bugzilla
CVE-2025-47910 stargz-snapshotter: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 stargz-snapshotter: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 stargz-snapshotter: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-47910 reposurgeon: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 reposurgeon: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 reposurgeon: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 git-credential-azure: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 git-credential-azure: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 git-credential-azure: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-47910 golang-x-mod: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-mod: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-mod: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-47910 golang-github-cpu-goacmedns: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-cpu-goacmedns: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-cpu-goacmedns: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 golang-github-cucumber-godog: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-cucumber-godog: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-cucumber-godog: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 golang-github-google-dap: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-google-dap: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-google-dap: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-47910 golang-github-edoardottt-lit-bb-hack-tools: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-edoardottt-lit-bb-hack-tools: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-edoardottt-lit-bb-hack-tools: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [epel-10]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [epel-10]
CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
FEDORA-EPEL-2026-4deb1b7241 (glow-2.1.2-1.el10_3) has been submitted as an update to Fedora EPEL 10.3.
https:
Bugzilla
CVE-2025-47910 golang-github-moby-buildkit: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-moby-buildkit: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-moby-buildkit: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 golang-github-opencontainers-runtime-tools: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-opencontainers-runtime-tools: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-opencontainers-runtime-tools: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-47910 golang-github-hashicorp-serf: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-hashicorp-serf: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-hashicorp-serf: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 kubernetes1.29: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 kubernetes1.29: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 kubernetes1.29: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [epel-10]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [epel-10]
CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-47910 gobuster: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gobuster: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gobuster: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 chisel: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 chisel: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 chisel: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 apache-cloudstack-cloudmonkey: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 apache-cloudstack-cloudmonkey: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 apache-cloudstack-cloudmonkey: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-47910 cri-o1.29: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-o1.29: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-o1.29: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-9d0e7df23a (glow-2.1.2-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9d0e7df23a
Bugzilla
CVE-2025-47910 golang-github-spyzhov-ajson: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-spyzhov-ajson: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-spyzhov-ajson: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-47910 clash-meta: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 clash-meta: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 clash-meta: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-47910 incus: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 incus: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 incus: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-a9017d0297 (incus-6.23-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-a9017d0297
---
FEDORA-2026-a9017d0297 has been pushed to the Fedora 4
Bugzilla
CVE-2025-47910 golang-x-perf: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-x-perf: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-x-perf: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-47910 golang-sigs-k8s-aws-iam-authenticator: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-sigs-k8s-aws-iam-authenticator: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-sigs-k8s-aws-iam-authenticator: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-47910 cri-o: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cri-o: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cri-o: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from
Bugzilla
CVE-2025-47910 golang-github-pgaskin-koboutils: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-github-pgaskin-koboutils: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-github-pgaskin-koboutils: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-47910 cadvisor: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 cadvisor: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 cadvisor: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-47910 golang-sr-emersion-gqlclient: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 golang-sr-emersion-gqlclient: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 golang-sr-emersion-gqlclient: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-47910 gitjacker: CrossOriginProtection bypass in net/http [fedora-42]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 gitjacker: CrossOriginProtection bypass in net/http [fedora-42]
CVE-2025-47910 gitjacker: CrossOriginProtection bypass in net/http [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports f
Bugzilla
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-8]
bugzilla·2025-09-25·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-8]
CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This vulnerability was introduced in golang 1.25.0. The current epel8 build was built with golang 1.19.13, and thus is not affected.
Bugzilla
CVE-2025-47910 net/http: CrossOriginProtection bypass in net/http
bugzilla·2025-09-22·CVSS 5.4
CVE-2025-47910 [MEDIUM] CVE-2025-47910 net/http: CrossOriginProtection bypass in net/http
CVE-2025-47910 net/http: CrossOriginProtection bypass in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Discussion:
Note: this is fixed in Golang 1.24.7 and 1.25.1 (https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ). A mass-rebuild of the packages listed in blocking bugs will fix this.
---
Other aliases for this are GHSA-8pjc-487g-w6p2 and GO-2025-3955:
https://github.com/advisories/GHSA-8pjc-487g-w6p2
https://pkg.go.dev/vuln/GO-2025-3955
---
(In reply to Dominik 'Rathann' Mierzejewski from comment #1)
>
2025-09-22
Published