GHSA-rg3p-p27c-2f39HighCVSS 7.3

gohttp is vulnerable to directory traversal via a crafted request

Published
May 19, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

CVE-2025-70950

📋 Description

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.

🎯 Affected products1

  • go/github.com/itang/gohttp:<= 0.0.0-20170713062009-34ea516ae408

🔗 References (4)