net/http: require exact match for CrossSiteProtection bypass patterns - go - Fork of Go programming language with my patches.

diff options

author	Filippo Valsorda <filippo@golang.org>	2025-08-26 16:52:39 -0400
committer	Gopher Robot <gobot@golang.org>	2025-08-27 08:03:34 -0700
commit	b21867b1a2a8e276257e3cb81f4a1dc7e8f9e2cd (patch)
tree	370e71cf26dab0ef6e1b636116f4db6cc9d1520f /src/debug/elf
parent	d19e377f6ea3b84e94d309894419f2995e7b56bd (diff)
download	go-b21867b1a2a8e276257e3cb81f4a1dc7e8f9e2cd.tar.xz

net/http: require exact match for CrossSiteProtection bypass patterns

Fixes #75054 Fixes CVE-2025-47910 Change-Id: I6a6a696440c45c450d2cd681f418b01aa0422a60 Reviewed-on: https://go-review.googlesource.com/c/go/+/699275 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org>

Diffstat (limited to 'src/debug/elf')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: