[GH-ISSUE #193] CVE GO-2025-3563 #50

New issue

Closed

opened 2026-03-03 15:29:53 +03:00 by kerem · 1 comment

kerem commented 2026-03-03 15:29:53 +03:00

Owner

Copy link

Originally created by @mcbenjemaa on GitHub (May 19, 2025).
Original GitHub issue: https://github.com/luthermonson/go-proxmox/issues/193

Request smuggling due to acceptance of invalid chunked data in net/http
More info: https://pkg.go.dev/vuln/GO-2025-3563
Standard library
Found in: net/http/internal@go1.23.7
Fixed in: net/http/internal@go1.23.8
Example traces found:

proxmox.VirtualMachine.Delete

which eventually calls internal.chunkedReader.Read

Originally created by @mcbenjemaa on GitHub (May 19, 2025). Original GitHub issue: https://github.com/luthermonson/go-proxmox/issues/193 Request smuggling due to acceptance of invalid chunked data in net/http More info: https://pkg.go.dev/vuln/GO-2025-3563 Standard library Found in: net/http/internal@go1.23.7 Fixed in: net/http/internal@go1.23.8 Example traces found: ``` proxmox.VirtualMachine.Delete ``` which eventually calls internal.chunkedReader.Read

kerem closed this issue 2026-03-03 15:29:53 +03:00

kerem commented 2026-03-03 15:29:54 +03:00

Author

Owner

Copy link

@luthermonson commented on GitHub (Feb 14, 2026):

we are on 1.25 now, this is now fixed.

<!-- gh-comment-id:3900546225 --> @luthermonson commented on GitHub (Feb 14, 2026): we are on 1.25 now, this is now fixed.

kerem referenced this issue 2026-03-03 15:30:13 +03:00

[PR #50] [MERGED] adding nocloud cloud-init functionality #104

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix-storage

more-coverage

group-tests

codecov

v0.4.1

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.1

v0.1.0

v0.0.0-beta6

v0.0.0-beta5

v0.0.0-beta4

v0.0.0-beta3

v0.0.0-beta2

v0.0.0-beta1

v0.0.0-alpha10

v0.0.0-alpha9

v0.0.0-alpha8

v0.0.0-alpha7

v0.0.0-alpha6

v0.0.0-alpha5

v0.0.0-alpha4

v0.0.0-alpha3

v0.0.0-alpha2

v0.0.0-alpha1

tests

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/go-proxmox#50

No description provided.