[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-2880":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":40,"downstream":41,"duplicates":98,"related":99,"reserved_at":9,"published_at":106,"modified_at":107,"state":108,"summary":109,"references_raw":117,"kevs":149,"epss":150,"epss_history":153,"metrics":422,"affected":428},"CVE-2022-2880","Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_455A9E80DFF4DBF2","Exploit Reference (go.dev)","reference","https://go.dev/issue/54663","unknown",0.2,false,[],[38,39],"GO-2022-1038","BIT-golang-2022-2880",[],[42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":43},"SUSE-SU-2022:3668-1",{"_key":45},"SUSE-SU-2022:3669-1",{"_key":47},"SUSE-SU-2023:2312-1",{"_key":49},"OPENSUSE-SU-2024:12391-1",{"_key":51},"OPENSUSE-SU-2024:12392-1",{"_key":53},"MGASA-2022-0377",{"_key":55},"USN-6038-1",{"_key":57},"DEBIAN-CVE-2022-2880",{"_key":59},"UBUNTU-CVE-2022-2880",{"_key":61},"USN-6038-2",{"_key":63},"RHSA-2023:0445",{"_key":65},"RHSA-2023:0708",{"_key":67},"RHSA-2023:2167",{"_key":69},"RHSA-2023:2204",{"_key":71},"RHSA-2023:2780",{"_key":73},"RHSA-2023:2784",{"_key":75},"RHSA-2023:2866",{"_key":77},"RHSA-2023:3613",{"_key":79},"RHSA-2024:0121",{"_key":81},"RHSA-2022:7398",{"_key":83},"RHSA-2023:0328",{"_key":85},"RHSA-2023:0446",{"_key":87},"RHSA-2023:0727",{"_key":89},"RHSA-2023:1275",{"_key":91},"RHSA-2023:2357",{"_key":93},"RHSA-2023:4003",{"_key":95},"RHSA-2024:2988",{"_key":97},"RHSA-2024:3254",[],[100,101,102,103,104,105],{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},"2022-10-14T00:00:00.000Z","2025-02-13T16:32:39.111Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":110,"epss_score":111,"severity":112,"severity_score":113,"severity_version":114,"severity_source":115,"severity_vector":116,"severity_status":108},"low",0.00031,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[118,127,133,140,145],{"url":32,"sources":119,"tags":122},[120,115,121],"cve.org","osv_go",[123,124,125,126],"Exploit","Issue Tracking","Third Party Advisory","REPORT",{"url":128,"sources":129,"tags":130},"https://go.dev/cl/432976",[120,115,121],[131,132],"Patch","FIX",{"url":134,"sources":135,"tags":136},"https://groups.google.com/g/golang-announce/c/xtuG5faxtaU",[120,115,121],[137,138,139],"Mailing List","Release Notes","WEB",{"url":141,"sources":142,"tags":143},"https://pkg.go.dev/vuln/GO-2022-1038",[120,115],[144],"Vendor Advisory",{"url":146,"sources":147,"tags":148},"https://security.gentoo.org/glsa/202311-09",[120,115],[],[],{"date":151,"score":111,"percentile":152},"2026-06-04",0.09524,[154,157,160,163,166,169,172,175,178,181,184,187,190,193,196,200,203,206,209,212,215,218,221,224,227,230,233,235,238,241,244,247,250,253,256,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,407,410,413,416,419],{"date":155,"score":111,"percentile":156},"2025-11-04",0.08018,{"date":158,"score":111,"percentile":159},"2025-11-05",0.08041,{"date":161,"score":111,"percentile":162},"2025-11-06",0.08152,{"date":164,"score":111,"percentile":165},"2025-11-07",0.08172,{"date":167,"score":111,"percentile":168},"2025-11-08",0.08178,{"date":170,"score":111,"percentile":171},"2025-11-09",0.08148,{"date":173,"score":111,"percentile":174},"2025-11-10",0.08118,{"date":176,"score":111,"percentile":177},"2025-11-11",0.08144,{"date":179,"score":111,"percentile":180},"2025-11-12",0.08164,{"date":182,"score":111,"percentile":183},"2025-11-13",0.08203,{"date":185,"score":111,"percentile":186},"2025-11-14",0.08267,{"date":188,"score":111,"percentile":189},"2025-11-15",0.08299,{"date":191,"score":111,"percentile":192},"2025-11-16",0.08317,{"date":194,"score":111,"percentile":195},"2025-11-17",0.08307,{"date":197,"score":198,"percentile":199},"2025-11-18",0.00412,0.58751,{"date":201,"score":198,"percentile":202},"2025-11-19",0.58766,{"date":204,"score":198,"percentile":205},"2025-11-20",0.58756,{"date":207,"score":111,"percentile":208},"2025-11-21",0.08413,{"date":210,"score":111,"percentile":211},"2025-11-22",0.08351,{"date":213,"score":111,"percentile":214},"2025-11-23",0.08341,{"date":216,"score":111,"percentile":217},"2025-11-24",0.08331,{"date":219,"score":111,"percentile":220},"2025-11-25",0.08327,{"date":222,"score":111,"percentile":223},"2025-11-26",0.08334,{"date":225,"score":111,"percentile":226},"2025-11-27",0.08335,{"date":228,"score":111,"percentile":229},"2025-11-28",0.08312,{"date":231,"score":111,"percentile":232},"2025-11-29",0.08347,{"date":234,"score":111,"percentile":232},"2025-11-30",{"date":236,"score":111,"percentile":237},"2025-12-01",0.0838,{"date":239,"score":111,"percentile":240},"2025-12-02",0.08397,{"date":242,"score":111,"percentile":243},"2025-12-03",0.08423,{"date":245,"score":111,"percentile":246},"2025-12-04",0.08412,{"date":248,"score":111,"percentile":249},"2025-12-05",0.08426,{"date":251,"score":111,"percentile":252},"2025-12-06",0.08443,{"date":254,"score":111,"percentile":255},"2025-12-07",0.08449,{"date":257,"score":111,"percentile":252},"2025-12-08",{"date":259,"score":111,"percentile":260},"2025-12-09",0.08482,{"date":262,"score":111,"percentile":263},"2025-12-10",0.08551,{"date":265,"score":111,"percentile":266},"2025-12-11",0.0859,{"date":268,"score":111,"percentile":269},"2025-12-12",0.08606,{"date":271,"score":111,"percentile":272},"2025-12-13",0.08622,{"date":274,"score":111,"percentile":275},"2025-12-14",0.08619,{"date":277,"score":111,"percentile":278},"2025-12-15",0.08546,{"date":280,"score":111,"percentile":281},"2025-12-16",0.0857,{"date":283,"score":111,"percentile":284},"2025-12-17",0.08654,{"date":286,"score":111,"percentile":287},"2025-12-18",0.08707,{"date":289,"score":111,"percentile":290},"2025-12-19",0.08712,{"date":292,"score":111,"percentile":293},"2025-12-20",0.08703,{"date":295,"score":111,"percentile":296},"2025-12-21",0.08647,{"date":298,"score":111,"percentile":299},"2025-12-22",0.08598,{"date":301,"score":111,"percentile":302},"2025-12-23",0.08596,{"date":304,"score":111,"percentile":305},"2025-12-24",0.08611,{"date":307,"score":111,"percentile":308},"2025-12-25",0.08689,{"date":310,"score":111,"percentile":311},"2025-12-26",0.08688,{"date":313,"score":111,"percentile":314},"2025-12-27",0.0867,{"date":316,"score":111,"percentile":317},"2025-12-28",0.08686,{"date":319,"score":111,"percentile":320},"2025-12-29",0.0866,{"date":322,"score":111,"percentile":323},"2025-12-30",0.08626,{"date":325,"score":111,"percentile":326},"2025-12-31",0.08678,{"date":328,"score":111,"percentile":329},"2026-01-01",0.0874,{"date":331,"score":111,"percentile":332},"2026-01-02",0.08737,{"date":334,"score":111,"percentile":335},"2026-01-03",0.08733,{"date":337,"score":111,"percentile":338},"2026-01-04",0.08665,{"date":340,"score":111,"percentile":341},"2026-01-05",0.08616,{"date":343,"score":111,"percentile":344},"2026-01-06",0.08601,{"date":346,"score":111,"percentile":347},"2026-01-07",0.08638,{"date":349,"score":111,"percentile":350},"2026-01-08",0.08711,{"date":352,"score":111,"percentile":353},"2026-01-09",0.08723,{"date":355,"score":111,"percentile":356},"2026-01-10",0.08735,{"date":358,"score":111,"percentile":317},"2026-01-11",{"date":360,"score":111,"percentile":361},"2026-01-12",0.08656,{"date":363,"score":111,"percentile":364},"2026-01-13",0.0862,{"date":366,"score":111,"percentile":367},"2026-01-14",0.08663,{"date":369,"score":111,"percentile":370},"2026-01-15",0.08661,{"date":372,"score":111,"percentile":373},"2026-01-16",0.08692,{"date":375,"score":111,"percentile":376},"2026-01-17",0.08713,{"date":378,"score":111,"percentile":379},"2026-01-18",0.08675,{"date":381,"score":111,"percentile":382},"2026-01-19",0.0863,{"date":384,"score":111,"percentile":385},"2026-01-20",0.08588,{"date":387,"score":111,"percentile":388},"2026-01-21",0.08575,{"date":390,"score":111,"percentile":391},"2026-01-22",0.08542,{"date":393,"score":111,"percentile":394},"2026-01-23",0.08636,{"date":396,"score":111,"percentile":397},"2026-01-24",0.08702,{"date":399,"score":111,"percentile":400},"2026-01-25",0.08672,{"date":402,"score":111,"percentile":403},"2026-01-26",0.08633,{"date":405,"score":111,"percentile":406},"2026-01-27",0.08623,{"date":408,"score":111,"percentile":409},"2026-01-28",0.08605,{"date":411,"score":111,"percentile":412},"2026-01-29",0.08586,{"date":414,"score":111,"percentile":415},"2026-01-30",0.08597,{"date":417,"score":111,"percentile":418},"2026-01-31",0.08614,{"date":420,"score":111,"percentile":421},"2026-02-01",0.08644,[423],{"source":115,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":424,"cvss_v4_0":9},{"baseScore":113,"baseSeverity":425,"vectorString":116,"impactScore":426,"exploitabilityScore":427},"HIGH",6,10,[429,444,454],{"ecosystem":9,"name":430,"vendor":431,"product":430,"cpe_part":432,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":433},"net/http/httputil","go standard library","a",[434,439],{"version":435,"is_range":436,"range_type":120,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"\u003C 1.18.7",true,"1.18.7","excluding",{"version":440,"is_range":436,"range_type":120,"version_start":441,"version_start_type":442,"version_end":443,"version_end_type":438,"fixed_in":9},">= 1.19.0-0, \u003C 1.19.2","1.19.0-0","including","1.19.2",{"ecosystem":9,"name":445,"vendor":446,"product":445,"cpe_part":432,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"go","golang",[448,451],{"version":449,"is_range":436,"range_type":450,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"lt1.18.7","cpe",{"version":452,"is_range":436,"range_type":450,"version_start":453,"version_start_type":442,"version_end":443,"version_end_type":438,"fixed_in":9},"gte1.19.0_lt1.19.2","1.19.0",{"ecosystem":455,"name":456,"vendor":455,"product":456,"cpe_part":9,"purl_type":446,"purl_namespace":9,"purl_name":456,"source":9,"versions":457},"Go","stdlib",[458],{"version":459,"is_range":436,"range_type":460,"version_start":441,"version_start_type":442,"version_end":443,"version_end_type":438,"fixed_in":9},"gte1_19_0_0_lt1_19_2","semver"]