new vulnerability in github.com/oauth2-proxy/oauth2-proxy/v7

sampion88 · sampion88 · commit 6b86896d4112 · 2025-11-11T10:37:51.000+01:00
diff --git a/input/new.json b/input/new.json
@@ -1,15 +1,25 @@
 {
-  "package_name": "",
-  "patch_versions": [],
-  "vulnerable_ranges": [],
-  "cwe": [],
-  "tldr": "",
-  "doest_this_affect_me": "",
-  "how_to_fix": "",
-  "vulnerable_to": "",
-  "related_cve_id": "",
-  "language": "",
-  "severity_class": "",
-  "aikido_score": 0,
-  "changelog": ""
+  "package_name": "github.com/oauth2-proxy/oauth2-proxy/v7",
+  "patch_versions": [
+    "7.13.0"
+  ],
+  "vulnerable_ranges": [
+    [
+      "7.0.0",
+      "7.12.0"
+    ]
+  ],
+  "cwe": [
+    "CWE-918"
+  ],
+  "tldr": "Affected versions of this package are vulnerable to server-side request forgery (SSRF) via header smuggling. Authenticated users can inject underscore-prefixed `X-Forwarded_*` headers (e.g., `X_Forwarded-For`) which bypass the normal stripping logic, allowing privilege escalation or impersonation of upstream clients.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `github.com/oauth2-proxy/oauth2-proxy/v7` library to a patch version.",
+  "reporter": "",
+  "vulnerable_to": "Server-side Request Forgery (SSRF)",
+  "related_cve_id": "CVE-2025-64484",
+  "language": "GO",
+  "severity_class": "HIGH",
+  "aikido_score": 85,
+  "changelog": "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.13.0"
 }
