CVE-2025-47912

CVE-2025-47912

[net/url: insufficient validation of bracketed IPv6 hostnames]

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be incl ...

GHSA-447v-2qg4-h8hc

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

SUSE-SU-2025:3682-1

Security update for go1.24