GHSA-84g5-x8j3-7235: Netfoil has incorrect allowlist enforcement

April 29, 2026

Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com.

References

github.com/advisories/GHSA-84g5-x8j3-7235
github.com/tinfoil-factory/netfoil
github.com/tinfoil-factory/netfoil/commit/0ca054acf97b011e4fdd40392475c7786b975ec3
github.com/tinfoil-factory/netfoil/releases/tag/v0.2.1
github.com/tinfoil-factory/netfoil/security/advisories/GHSA-84g5-x8j3-7235

Code Behaviors & Features

Detect and mitigate GHSA-84g5-x8j3-7235 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →