Go Standard Library Net Http Httputil vulnerabilities
2 known vulnerabilities affecting go_standard_library/net_http_httputil.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-2880P3HIGHCVSS 7.5fixed in 1.18.7≥ 1.19.0-0, < 1.19.22022-10-14
CVE-2022-2880 [HIGH] CWE-444 CVE-2022-2880: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, includ
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound requ
nvd
CVE-2026-39825P4MEDIUMCVSS 5.3fixed in 1.25.10≥ 1.26.0-0, < 1.26.32026-05-07
CVE-2026-39825 [MEDIUM] CVE-2026-39825: ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used w
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of
nvd