Unknown · Reverseproxy · CVE-2026-39825
**Name of the Vulnerable Software and Affected Versions**
ReverseProxy (affected versions not specified)
**Description**
ReverseProxy can forward queries containing parameters that are not visible to Rewrite functions. When utilizing a Rewrite function or a Director function that parses query parameters, ReverseProxy sanitizes the forwarded request by removing parameters not parsed by `url.ParseQuery`. However, it fails to account for the total query parameter limit defined by `GODEBUG=urlmaxqueryparams=N`. This allows a request to forward a parameter, such as `hidden=y`, while keeping it hidden from the proxy's Rewrite function by exceeding the parameter limit with other entries.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
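As an added example (not code from this advisory or from the Go project), a handler placed in front of the proxy can reject any request whose raw query carries more parameters than the parser limit, so that the Rewrite function and the backend see the same set of parameters. `guardQuery`, `allowQuery` and `countQueryParams` are hypothetical names, and `limit` is an assumed local policy value that should be set at or below the configured `urlmaxqueryparams` value.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// countQueryParams counts non-empty '&'-separated segments in a raw query
// without calling url.ParseQuery, so no parser-side limit can hide entries.
func countQueryParams(raw string) int {
	n := 0
	for raw != "" {
		var seg string
		seg, raw, _ = strings.Cut(raw, "&")
		if seg != "" {
			n++
		}
	}
	return n
}

// allowQuery reports whether raw is within limit and accepted by
// url.ParseQuery. limit is local policy (assumption), not a Go API value.
func allowQuery(raw string, limit int) bool {
	if countQueryParams(raw) > limit {
		return false
	}
	_, err := url.ParseQuery(raw)
	return err == nil
}

// guardQuery (hypothetical helper) rejects requests that fail allowQuery
// before they reach next, for example an *httputil.ReverseProxy.
func guardQuery(limit int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowQuery(r.URL.RawQuery, limit) {
			http.Error(w, "query rejected", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	raw := strings.Repeat("a=1&", 5) + "hidden=y" // constructed sample query
	fmt.Println(countQueryParams(raw), allowQuery(raw, 5), allowQuery(raw, 10))
}
```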