Filippo Valsorda

**Name of the Vulnerable Software and Affected Versions** Go (affected versions not specified) **Description** Hosts listed in `TrustedOrigins` implicitly allow requests from the corresponding HTTP origins, potentially enabling network attackers to perform Cross-Site Request Forgery (CSRF) attacks. Following the fix for CVE-2025-24358, an attacker attempting to submit a form from `http://example.com` to `https://example.com` is prevented because the Origin header is validated against a synthetic URL using sameOrigin. However, adding a host to `TrustedOrigins` allows both its HTTP and HTTPS origins, as the schema of the synthetic URL is disregarded, and only the host is checked. For instance, if an application hosted on `https://example.com` adds `example.net` to `TrustedOrigins`, an attacker can serve a form at `http://example.net` to execute the attack. **Recommendations** Migrate to `net/http.CrossOriginProtection`, introduced in Go 1.25. If migration to `net/http.CrossOriginProtection` is not feasible, utilize the backport available as a module at `filippo.io/csrf`. Employ the drop-in replacement for the `github.com/gorilla/csrf` API available at `filippo.io/csrf/gorilla`.

**Name of the Vulnerable Software and Affected Versions** golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go golang.org/x/crypto/ssh versions through 1.16.15 golang.org/x/crypto/ssh versions 1.17.x through 1.17.8 **Description** The issue is related to the use of defective cryptographic algorithms in the golang.org/x/crypto/ssh package, which can cause a crash in SSH servers under certain circumstances involving AddHostKey. An attacker can exploit this to crash a server. The vulnerability is triggered when a Signer is passed to ServerConfig.AddHostKey that does not implement AlgorithmSigner and returns a key of type “ssh-rsa” from its PublicKey method. **Recommendations** For golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b, update to a version after 0.0.0-20220314234659-1baeb1ce4c0b. For golang.org/x/crypto/ssh versions through 1.16.15, update to a version after 1.16.15. For golang.org/x/crypto/ssh versions 1.17.x through 1.17.8, update to a version after 1.17.8. As a temporary workaround, consider restricting the use of the AddHostKey function with Signers that do not implement AlgorithmSigner until a patch is available.

**Name of the Vulnerable Software and Affected Versions** gddo versions through 2018-06-27 **Description** The issue allows an attacker to use specially crafted `go-import` tags in packages being fetched to cause a directory traversal and remote code execution. **Recommendations** For versions through 2018-06-27, update to a version that contains a fix for this issue to prevent directory traversal and remote code execution.

**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.7.6 Go versions 1.8.x prior to 1.8.2 **Description** A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. **Recommendations** For Go versions prior to 1.7.6, update to version 1.7.6 or later. For Go versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** Python-RSA versions prior to 3.3 **Description** The issue allows attackers to spoof signatures with a small public exponent via crafted signature padding, also known as a BERserk attack. This affects the verify function in the RSA package for Python. **Recommendations** For versions prior to 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider implementing additional signature verification checks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Komodia Redirector with SSL Digestor (affected versions not specified) Lavasoft Ad-Aware Web Companion version 1.1.885.1766 Lavasoft Ad-Aware AdBlocker (alpha) version 1.3.69.1 Qustodio for Windows (affected versions not specified) Atom Security, Inc. StaffCop version 5.8 **Description** The issue concerns the SDK for Komodia Redirector with SSL Digestor, which is used in various products. It does not properly verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers. **Recommendations** For Lavasoft Ad-Aware Web Companion version 1.1.885.1766, update the SSL verification mechanism to properly validate X.509 certificates. For Lavasoft Ad-Aware AdBlocker (alpha) version 1.3.69.1, consider disabling SSL connections until a proper certificate verification mechanism is implemented. For Qustodio for Windows, restrict access to sensitive information until the SSL verification issue is resolved. For Atom Security, Inc. StaffCop version 5.8, disable the use of SSL Digestor until a patch is available that properly verifies X.509 certificates. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Komodia Redirector with SSL Digestor.