VDB
KO

GO-2025-3554

Reflected XSS in go-httpbin due to unrestricted client control over Content-Type in github.com/mccutchen/go-httpbin

Details

Reflected XSS in go-httpbin due to unrestricted client control over Content-Type in github.com/mccutchen/go-httpbin

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/mccutchen/go-httpbin
Introduced in: 0

No fixed version published yet for github.com/mccutchen/go-httpbin (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/mccutchen/go-httpbin/v2
Introduced in: 0 Fixed in: 2.18.0
Fix go get github.com/mccutchen/go-httpbin/v2@v2.18.0

References