googleforgames / open-saves

Open Saves is a cloud native data store for game development.
Apache License 2.0
222 stars, 23 forks

Update golang.org/x/net version to avoid potential vulnerability with http/2 #419

Closed ghost closed 1 year ago

ghost commented 1 year ago

What happened: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

What you expected to happen:

Package: golang.org/x/net (Go)
Affected versions: < 0.0.0-20220906165146-f3363e06e74c
Patched version: 0.0.0-20220906165146-f3363e06e74c

How to reproduce it (as minimally and precisely as possible): N/A

Anything else we need to know?: Upgrade golang.org/x/net to version 0.7.0 or later. For example:

require golang.org/x/net v0.7.0

Environment:
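
One way to check a go.mod against the patched version named in the issue above. This is an added example, not part of the issue or of the Open Saves code base; the function names `parse`, `IsPatched` and `CheckGoMod` are hypothetical, and the sample go.mod line is constructed. It assumes that any golang.org/x/net version with core 0.0.0 is a Go pseudo-version (`v0.0.0-<timestamp>-<hash>`).

```go
package main

import (
	"fmt"
	"strings"
)

const patched = "v0.0.0-20220906165146-f3363e06e74c" // patched x/net version given in the issue

// parse splits "vX.Y.Z[-pre][+build]" into its numeric core and pre-release string.
func parse(v string) (n [3]int, pre string, err error) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	v, pre, _ = strings.Cut(v, "-")
	_, err = fmt.Sscanf(v, "%d.%d.%d", &n[0], &n[1], &n[2])
	return n, pre, err
}

// IsPatched reports whether version v of golang.org/x/net is at or above patched.
// Assumption: with an equal core, both sides are pseudo-versions whose fixed-width
// UTC timestamp comes first, so comparing the pre-release strings orders them.
func IsPatched(v string) (bool, error) {
	a, apre, err := parse(v)
	if err != nil {
		return false, err
	}
	b, bpre, _ := parse(patched)
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i], nil
		}
	}
	return apre == "" || apre >= bpre, nil // a release outranks any pre-release
}

// CheckGoMod finds the golang.org/x/net requirement in go.mod text, whether it is
// a single-line "require" or an entry in a require block, and checks its version.
func CheckGoMod(gomod string) (string, bool, error) {
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // strip comments such as "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && f[0] == "golang.org/x/net" {
			ok, err := IsPatched(f[1])
			return f[1], ok, err
		}
	}
	return "", false, fmt.Errorf("golang.org/x/net not found in require directives")
}

func main() {
	fmt.Println(CheckGoMod("require golang.org/x/net v0.0.0-20220101000000-000000000000")) // constructed sample
}
```

go.mod records the stated requirement; `go list -m golang.org/x/net` prints the version the build actually selects, which can be higher when another dependency requires it.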