CNNVD-202508-648 Information
Aug 07, 2025
cve
CNNVD ID
CNNVD-202508-648
Related CVE
- CNNVD Published: 2025-08-07
Description (Chinese)
Lego是go-acme开源的一个用Go编写的库。 Lego 4.25.1及之前版本存在安全漏洞,该漏洞源于未强制使用HTTPS与CA通信,可能泄露敏感信息。
Description (English)
Lego is a Go-acme open source library developed by Go. Lego 4.25.1 and previous versions had a security loophole, which stemmed from the failure to enforce the use of HTTPS and CA communications, which could leak sensitive information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
go-acme
Published
2025-08-07
Last Modified
2026-02-24
References
https://github.com/go-acme/lego/commit/238454b5f74f3cfcbb244ff0d0dc914a4ad44b96 https://github.com/go-acme/lego/security/advisories/GHSA-q82r-2j7m-9rv4
Patch
https://go-acme.github.io/lego/installation/index.html
Share on: