Skip to content

Documented 3 silent security fixes (GHSA: CWE-306, CWE-319, CWE-248) #2578

Description

@canolgun

Not a vulnerability report — these are already fixed. Documenting previously undisclosed silent fixes found via automated analysis.

  1. Auth Downgrade (CWE-306): require_auth added to restrict server auth methods — GHSA-xp64-pqg5-m7q8
  2. TLS Leak (CWE-319): CancelRequest encrypted when TLS used — GHSA-c8m8-h5m7-vw9h
  3. Panic DoS (CWE-248): Geometric text returns error instead of panic — GHSA-m6q6-pmhm-9wcc

CVE IDs requested via GitHub CNA. Tool: bounty-hunter v6.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions