—

GO-2026-5232

Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint in github.com/patrickhener/goshs

Details

Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint in github.com/patrickhener/goshs

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/patrickhener/goshs

Introduced in: 0

No fixed version published yet for github.com/patrickhener/goshs (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/patrickhener/goshs/v2

Introduced in: 0

No fixed version published yet for github.com/patrickhener/goshs/v2 (go modules). Pin to a known-safe version or switch to an alternative.

References

https://github.com/patrickhener/goshs/security/advisories/GHSA-7qx6-f23w-3w7f [ADVISORY]