Vulnerability Database

302,032

Total vulnerabilities in the database

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

See https://nvd.nist.gov/vuln/detail/CVE-2025-22871 for more details.

Published: Nov 13, 2025
Updated: Nov 14, 2025
GHSA: GHSA-6jqf-mv7m-3q7p
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-1395

Affected Software
References

Software	From	Fixed in
github.com/filebrowser/filebrowser/v2	-	2.45.2

https://github.com/filebrowser/filebrowser/security/advisories/GHSA-6jqf-mv7m-3q7p

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo