VYPR

Lego

by Go Acme

Source repositories

CVEs (2)

  • CVE-2022-30636HigJul 2, 2024
    risk 0.42cvss 7.5epss 0.01

    httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path,…

  • CVE-2025-54799LowAug 7, 2025
    risk 0.08cvss epss 0.00

    Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge…