Description
Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references.
Original Description
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Packages
Name
github.com/mccutchen/go-httpbin/v2
go
Affected versions: < 2.18.0
Fixed version: 2.18.0
Name
github.com/mccutchen/go-httpbin
go
Affected versions: <= 1.1.1
Fixed version: None
1.3 Low
CVSS4
Weaknesses
CWE-79