Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-47910

Published: September 4, 2025Last modified: September 10, 2025

Notes

https://github.com/golang/go/issues/75054 net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches Introduced in 1.25. Alpine's tagging of 1.24.7 secfixes seems to be a mistake (the release announcement from Go team is very awkwardly worded). Corrected in https://gitlab.alpinelinux.org/alpine/aports/-/commit/33a43cf6

Status

ProductReleasePackageStatus
Alpaquita LinuxStreamgoFixed (1.25.1-r0)
Hardened ContainersStreamgoFixed (1.25.1-r0)
ON THIS PAGE