BDU:2025-11595

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

CVE-2025-47906

Published: 2025-08-12

BDU:2025-11599

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2025-47910

Published: 2025-09-18
Modified: 2025-09-19

CVE-2025-47906

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

References:

Published: 2025-09-22
Modified: 2025-09-24

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Version: 2.1.2

Package prometheus-podman-exporter update in sisyphus_riscv64 on 2025-10-06

ALT-PU-2025-12726-1

Closed vulnerabilities

BDU:2025-11595

BDU:2025-11599

CVE-2025-47906

CVE-2025-47910