Sign In

CVE-2025-47912

ADVISORY - nist

Summary

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

EPSS Scoreโ : 0.00032 (0.089)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfoโ 

ADVISORY - redhat

CWE-1286โ 

Improper Validation of Syntactic Correctness of Input

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in