ALT-PU-2025-8219-3

Package update portainer in branch c10f2

Version: 2.31.0-alt1
Published: 2026-02-04
Max severity: CRITICAL

Closed issues (5)

BDU:2025-04014
CRITICAL 9.1

A vulnerability in the net/http package of the Go programming language, related to flaws in the handling of HTTP requests, that allows an attacker to execute arbitrary code

Published: 2025-04-09
Modified: 2025-11-19
CVSS 3.x: CRITICAL 9.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.0: CRITICAL 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N
References
CVE-2025-22871
CRITICAL 9.1

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Published: 2025-04-08
Modified: 2026-04-15
CVSS 3.x: CRITICAL 9.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N