VYPR

net/url

by GO

CVEs (2)

  • CVE-2025-61726Jan 28, 2026
    risk 0.00cvss epss 0.01

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a…

  • CVE-2019-14809Aug 13, 2019
    risk 0.00cvss epss 0.08

    net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port…