1 results (0.003 seconds)
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22870 – HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
https://notcve.org/view.php?id=CVE-2025-22870
12 Mar 2025 — Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. • https://go.dev/cl/654697 • CWE-115: Misinterpretation of Input •