CVE-2025-22871 - CRITICAL - go/stdlib

The last release of redli (v0.15) contains the following vulnerability: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871)

* Severity: **CRITICAL**
* Description: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

### Affected package

* Name: **go/stdlib**
* Installed version: 0:1.24.0

An update of this package to the version 1.24.2 is required to fix this CVE.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2025-22871 - CRITICAL - go/stdlib #63

Affected package

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2025-22871 - CRITICAL - go/stdlib #63

Description

Affected package

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions