Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY…
Go·CWE-115·Published 2025-03-12
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
La coincidencia de hosts con patrones de proxy puede tratar incorrectamente un ID de zona IPv6 como un componente de nombre de host. Por ejemplo, si la variable de entorno NO_PROXY se establece en "*.example.com", una solicitud a "[::1%25.example.com]:80` coincidirá incorrectamente y no se procesará mediante proxy.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 4.4 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| 3.1 | Primary | cve.org | 4.4 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| 3.1 | Secondary | NVD | 4.4 | 1.8 | 2.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| 3.1 | Secondary | GHSA | 4.4 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |