ALT-PU-2025-8210-2
Package portainer-agent updated to version 2.31.0-alt1 for branch sisyphus in task 387461.
Closed vulnerabilities
Published: 2025-04-04
BDU:2025-04014
Уязвимость пакета net/http языка программирования Go, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL (9.4)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
References:
Published: 2025-04-08
Modified: 2025-04-18
Modified: 2025-04-18
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References: