{
"schema_version": "1.3.1",
"id": "GO-2025-4113",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2025-64484",
"GHSA-vjrc-mh2v-45x6"
],
"summary": "OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy",
"details": "OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy. Per the affected ranges in this record, the github.com/oauth2-proxy/oauth2-proxy/v7 module is affected in all versions before 7.13.0 (see the linked fix commit and the v7.13.0 release), while the pre-v7 module path github.com/oauth2-proxy/oauth2-proxy lists no fixed version, so consumers on that path should treat every version as affected and migrate to v7.13.0 or later. The RFC 2616 section 4.2 and RFC 822 section 3.2 references point at the HTTP/mail header-field grammar, and the remaining references discuss smuggling HTTP headers through reverse proxies and nginx dropping header names that contain underscores, which is the underscore-versus-hyphen header-name handling the summary refers to. Consult the GitHub advisory GHSA-vjrc-mh2v-45x6 for the full technical description; this Go vulnerability database entry is marked UNREVIEWED.",
"affected": [
{
"package": {
"name": "github.com/oauth2-proxy/oauth2-proxy",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/oauth2-proxy/oauth2-proxy/v7",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "7.13.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-vjrc-mh2v-45x6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64484"
},
{
"type": "FIX",
"url": "https://github.com/oauth2-proxy/oauth2-proxy/commit/f3f30fa976fb4bb97d6345ba4735cb6d86e24f95"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc2616#section-4.2"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc822#section-3.2"
},
{
"type": "WEB",
"url": "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.13.0"
},
{
"type": "WEB",
"url": "https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html"
},
{
"type": "WEB",
"url": "https://www.uptimia.com/questions/why-are-http-headers-with-underscores-dropped-by-nginx"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2025-4113",
"review_status": "UNREVIEWED"
}
}