Critical vulnerability in stdlib 1.24.1 in docker.io/traefik/whoami:v1.11.0 (CVE-2025-22871) #152

@devkSerge

Welcome!

  • Yes, I've searched similar issues on GitHub and didn't find any.

What did you expect to see?

Hi, AquaSec found a critical vulnerability in whoami:v1.11.0 - stdlib 1.24.1 (CVE-2025-22871):

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Installed Resource: stdlib 1.24.1
Full Path To Resource: whoami
Fixed Version: 1.23.8, 1.24.2
Published by NVD: 2025-04-08
CVSS Score: NVD CVSSv3 9.1
Recommendations: Remediation
Upgrade package stdlib to version 1.23.8,1.24.2 or above.
Mitigation: N/A

Is it possible to run a new Docker build?

Thanks
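
One way to confirm the scanner finding against the binary itself, as an added example that is not part of the original issue or the whoami project: this Go program reads the toolchain version embedded in a Go binary and compares it with the fixed releases quoted in the report (1.23.8 and 1.24.2). The names `Affected` and `CheckBinary` are hypothetical, and the code assumes that branches older than 1.23 never received the fix and that releases after 1.24 include it.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"regexp"
	"strconv"
)

// Fixed releases quoted in the report: minor 23 -> patch 8, minor 24 -> patch 2.
// Assumption: branches older than 1.23 are unfixed, newer than 1.24 are fixed.
var fixedPatch = map[int]int{23: 8, 24: 2}

var goVer = regexp.MustCompile(`^go1\.(\d+)(?:\.(\d+))?`)

// Affected reports whether a toolchain string such as "go1.24.1" predates the
// CVE-2025-22871 fix. Pre-releases like "go1.24rc1" are treated as patch 0.
func Affected(v string) (bool, error) {
	m := goVer.FindStringSubmatch(v)
	if m == nil {
		return false, fmt.Errorf("unrecognised Go version %q", v)
	}
	minor, _ := strconv.Atoi(m[1])
	patch, _ := strconv.Atoi(m[2]) // an empty patch component parses as 0
	fix, ok := fixedPatch[minor]
	if !ok {
		return minor < 23, nil // no entry: old branch (affected) or newer release (fixed)
	}
	return patch < fix, nil
}

// CheckBinary reads the Go version the linker recorded in the binary at path.
func CheckBinary(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	bad, err := Affected(info.GoVersion)
	return info.GoVersion, bad, err
}

func main() {
	for _, path := range os.Args[1:] {
		v, bad, err := CheckBinary(path)
		fmt.Printf("%s: go=%q affected=%t err=%v\n", path, v, bad, err)
	}
}
```

Run it against the `whoami` binary copied out of the image; a rebuilt image should report `affected=false`.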
