Language:

Information about definition

Identificator: INFSA-2025:9063

Type: security

Release date: 2025-07-15 19:33:58 UTC

Information about package

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Vulnerabilities description

CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Severity level

CVE	Score CVSS 2.0	Score CVSS 3.x	Score CVSS 4.0

Critical, important, moderate, low

Updated packages

INFSA-2025:9063: git-lfs security update

Information about definition