A superscript-1 walks past every Go SSRF guard
TL;DR. golang.org/x/net/idna.Lookup.ToASCII runs UTS-46 NFKC mapping 0-9. A pre-IDNA net.ParseIP check rejects the NO_PROXY lists, TLS-SNI routers, and cookie-domain validators that TrimRight + ParseAddr golang.org/x/net/http/httpproxy, the canonical safe pattern, and two I ran into this one while w
ORIGINAL SOURCE →via Dev.to
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] ASEAN and the Middle East Crisis: Economic Vulnerability, Regionalism, and the Long History of External Energy Dependence
- [CYBER] CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug
- [CYBER] cPanel Vulnerability Exploited to Compromise Government and Military Servers
- [CYBER] 15-year-old detained over massive data breach at French government agency
- [CYBER] Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
- [CYBER] Attackers Hijack SAP npm Packages to Steal Dev Secrets