CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Open
MEDIUM (4.5)
  • System detected CVE-2025-22871

  • System updated the risk assessment from 0 to 4.5

    System recalculated raw risk assessment

  • System updated the risk assessment from 0 to 4.5

    System recalculated raw risk assessment

  • System updated the risk assessment from 0 to 4.5

    System recalculated raw risk assessment

  • System fixed CVE-2025-22871

  • System fixed CVE-2025-22871

  • System fixed CVE-2025-22871

  • System detected CVE-2025-22871 with a risk of 4.5

Affected component

stdlib

Installed version: 1.23.1
Fixed in: v1.23.8

Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5