GHSA-6jqf-mv7m-3q7p: File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

Severity: Critical

CVSS Score: 9.1

The standard library `net/http` package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. See https://nvd.nist.gov/vuln/detail/CVE-2025-22871 for more details.