CVE-2022-2583: gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition

February 11, 2022 (updated February 2, 2026)

Incorrect routing of some HTTP requests when using httpauth due to a race condition

References

github.com/advisories/GHSA-h2x7-2ff6-v32p
github.com/ntbosscher/gobase
github.com/ntbosscher/gobase/commit/a8d40bce9c429d324122d18c446924dab809e812
github.com/ntbosscher/gobase/security/advisories/GHSA-h2x7-2ff6-v32p
nvd.nist.gov/vuln/detail/CVE-2022-2583
pkg.go.dev/vuln/GO-2022-0400

Code Behaviors & Features

Detect and mitigate CVE-2022-2583 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →