rpm package
almalinux/go-srpm-macros
pkg:rpm/almalinux/go-srpm-macros
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25679 | Hig | 7.5 | < 3.6.0-8.el10_1 | 3.6.0-8.el10_1 | Mar 6, 2026 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. | |
| CVE-2025-61726 | — | < 3.6.0-13.el9_7 | 3.6.0-13.el9_7 | Jan 28, 2026 | The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la | ||
| CVE-2025-47906 | — | < 3.6.0-12.el9_7 | 3.6.0-12.el9_7 | Sep 18, 2025 | If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. |
- affected < 3.6.0-8.el10_1fixed 3.6.0-8.el10_1
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
- CVE-2025-61726Jan 28, 2026affected < 3.6.0-13.el9_7fixed 3.6.0-13.el9_7
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la
- CVE-2025-47906Sep 18, 2025affected < 3.6.0-12.el9_7fixed 3.6.0-12.el9_7
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.