Security Advisory

CVE-2025-47912

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-29 22:10:13

Last updated 2025-11-04 21:10:57

Assigner Go

State PUBLISHED

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

← Browse all CVEs View on cve.org ↗