mirror of
https://github.com/rclone/rclone.git
synced 2026-05-12 10:03:35 -04:00
869f777594
- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database - CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters - CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows - CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase - CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment - CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames - CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE - CVE-2026-39826: html/template: escaper bypass leads to XSS - CVE-2026-33811: net: crash when handling long CNAME response - CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS