Closed konstantin-shatalov closed 2 years ago
Thanks for submitting this issue!
From: https://nvd.nist.gov/vuln/detail/CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
We plan to upgrade golang shortly to address this potential issue. Thank you for your patience.
Latest release upgrades golang: https://github.com/aptible/supercronic/releases/tag/v0.2.0
It looks like there is a known issue https://nvd.nist.gov/vuln/detail/CVE-2021-44716 that is being detected with supercronic. I assume one of the dependencies used has this problem. Probably a fix is to update net/http to 1.17.6.
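The NVD range quoted in the thread, turned into a check against the Go toolchain version embedded in a compiled binary such as a supercronic release. This is an added example, not code from the thread or the supercronic project; the `affected` helper and the `checkgo` usage name are hypothetical, and it tests only the toolchain version range given in the NVD text above.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"regexp"
	"strconv"
)

// Matches toolchain strings such as "go1.17.3", "go1.16" or "go1.17rc1".
var goVersionRE = regexp.MustCompile(`^go(\d+)\.(\d+)(?:\.(\d+))?`)

// affected (hypothetical helper) reports whether a Go toolchain version is in
// the NVD range for CVE-2021-44716: before 1.16.12, and 1.17.x before 1.17.5.
func affected(goVersion string) (bool, error) {
	m := goVersionRE.FindStringSubmatch(goVersion)
	if m == nil {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3]) // empty (no patch, or rc/beta) counts as 0
	switch {
	case major != 1 || minor > 17:
		return false, nil
	case minor < 16:
		return true, nil
	case minor == 16:
		return patch < 12, nil
	}
	return patch < 5, nil // minor == 17
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: checkgo <path-to-go-binary>")
	}
	// buildinfo.ReadFile reads the toolchain version embedded in a Go binary.
	info, err := buildinfo.ReadFile(os.Args[1])
	if err != nil {
		log.Fatal(err)
	}
	hit, err := affected(info.GoVersion)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s built with %s, in CVE-2021-44716 range: %v\n", os.Args[1], info.GoVersion, hit)
}
```

The same embedded version string is what `go version <binary>` prints, so the result can be cross-checked by hand.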