Open tecnobrat opened 8 months ago
There is a HTTP/2 vulnerability CVE-2023-44487
Golang has this issue which they are tracking fixes: https://github.com/golang/go/issues/63417
I did a scan with snyk which returns:
snyk
✗ High severity vulnerability found in google.golang.org/grpc Description: Denial of Service (DoS) Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 Introduced through: google.golang.org/grpc@1.50.1, github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76, github.com/osrg/gobgp/v3/api@3.8.0, github.com/osrg/gobgp/v3/pkg/server@3.8.0, github.com/osrg/gobgp/v3/pkg/config@3.8.0 From: google.golang.org/grpc@1.50.1 From: github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76 > google.golang.org/grpc@1.50.1 From: github.com/osrg/gobgp/v3/api@3.8.0 > google.golang.org/grpc@1.50.1 and 4 more... Fixed in: 1.56.3, 1.57.1, 1.58.3
Could @dependabot help here?
There is a HTTP/2 vulnerability CVE-2023-44487
Golang has this issue which they are tracking fixes: https://github.com/golang/go/issues/63417
I did a scan with
snyk
which returns: