CNNVD-202509-3228 Information

Sep 22, 2025 cve

CNNVD ID

CNNVD-202509-3228

CVE-2025-47910

  • CNNVD Published: 2025-09-22

Description (Chinese)

Google Go是美国谷歌(Google)公司的一种静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。 Google Go存在安全漏洞,该漏洞源于AddInsecureBypassPattern方法可能意外绕过更多请求,导致跳过验证并转发原始请求路径,可能由不同处理程序处理而缺少预期的安全保护。

Description (English)

Google Go is a static type, compiler, hairdresser of Google and a programme language with a garbage recovery function. Google Go has a security loophole, which stems from the fact that the AddInsecure BypassPattern approach may inadvertently bypass more requests, leading to the bypassing and forwarding of the original request path, which may be handled by different processing procedures without the desired security protection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GoPlace!

Published

2025-09-22

Last Modified

2026-02-24

References

https://pkg.go.dev/vuln/GO-2025-3955 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://vigilance.fr/vulnerability/Go-ingress-filtrering-bypass-via-net- https://access.redhat.com/security/cve/cve-2025-47910

Patch

https://pkg.go.dev/vuln/GO-2025-3955

Share on: