{"id":"GO-2025-3779","summary":"Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app","details":"Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app","aliases":["CVE-2025-52477","GHSA-h3qp-hwvr-9xcq"],"modified":"2026-02-04T02:43:28.915817Z","published":"2025-07-28T19:57:13Z","related":["CGA-w4gx-3ppv-4xx2"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3779","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52477"},{"type":"FIX","url":"https://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd"},{"type":"FIX","url":"https://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92"}],"affected":[{"package":{"name":"github.com/octo-sts/app","ecosystem":"Go","purl":"pkg:golang/github.com/octo-sts/app"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.5.3"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3779.json"}}],"schema_version":"1.7.3"}