CLEANSTART-2026-PG91940

Import Source

https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-PG91940.json

JSON Data

https://api.osv.dev/v1/vulns/CLEANSTART-2026-PG91940

Upstream

CVE-2025-22871

CVE-2025-4673

CVE-2025-47907

CVE-2025-58183

CVE-2025-58185

CVE-2025-58187

CVE-2025-58188

CVE-2025-58189

CVE-2025-61723

CVE-2025-61724

CVE-2025-61725

CVE-2025-61727

CVE-2025-61729

GHSA-f6x5-jh6r-wrfv

GHSA-hcg3-q754-cr77

GHSA-j5w8-q4qc-rx2x

GHSA-mh63-6h87-95cp

GHSA-qxp5-gwg8-xv66

GHSA-vvgc-356p-c3xw

Published

2026-01-30T15:31:24.365282Z

Modified

2026-01-29T18:58:54Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Details

Multiple security vulnerabilities affect the harbor-registry package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details.

References

Affected packages

CleanStart / harbor-registry

Package

Name: harbor-registry

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0.1-r2

Database specific

source

"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-PG91940.json"