AVG-2896 log
| Package | go |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.24.3-1 |
| Fixed | 1.24.4-1 |
| Current | 2:1.25.4-1 [extra] |
| Ticket | None |
| Created | Thu Jun 5 19:48:18 2025 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2025-22874 | Medium | Yes | Certificate verification bypass | crypto/x509: When VerifyOptions.KeyUsages includes ExtKeyUsageAny, certificate policy validation is unintentionally disabled. This affects certificate... |
| CVE-2025-4673 | Medium | Yes | Information disclosure | net/http: Proxy-Authorization and Proxy-Authenticate headers were not cleared during cross-origin redirects, potentially leaking sensitive credentials in... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 07 Jun 2025 | ASA-202506-4 | go | multiple issues |