CLEANSTART-2026-PG91940

Import Source

https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-PG91940.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-PG91940

Upstream

CVE-2025-22871

CVE-2025-4673

CVE-2025-47907

CVE-2025-58183

CVE-2025-58185

CVE-2025-58187

CVE-2025-58188

CVE-2025-58189

CVE-2025-61723

CVE-2025-61724

CVE-2025-61725

CVE-2025-61727

CVE-2025-61729

GHSA-F6X5-JH6R-WRFV

GHSA-HCG3-Q754-CR77

GHSA-J5W8-Q4QC-RX2X

GHSA-MH63-6H87-95CP

GHSA-QXP5-GWG8-XV66

GHSA-VVGC-356P-C3XW

Published

2026-01-30T15:31:24.365282Z

Modified

2026-04-02T08:47:48.303681399Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Details

Multiple security vulnerabilities affect the harbor-registry package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details.

References

Affected packages

CleanStart / harbor-registry

Package

Name: harbor-registry

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0.1-r2

Database specific

source

"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-PG91940.json"