Closed tulioncds closed 3 months ago
@tulioncds thx for the PR. Missing a go mod tidy
Error: ../../../go/pkg/mod/github.com/!azure/azure-sdk-for-go/sdk/azcore@v1.9.1/runtime/transport_default_http_client.go:15:2: missing go.sum entry for module providing package golang.org/x/net/http2 (imported by github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime); to add:
go get github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime@v1.9.1
Error: ../../../go/pkg/mod/github.com/jcmturner/rpc/v2@v2.0.3/mstypes/claims.go:10:2: missing go.sum entry for module providing package golang.org/x/net/http2/hpack (imported by github.com/jcmturner/rpc/v2/mstypes); to add:
go get github.com/jcmturner/rpc/v2/mstypes@v2.0.3
Error: Process completed with exit code 1.
@tulioncds please read the following Contributor License Agreement (CLA). If you agree with the CLA, please reply with the following information.
@microsoft-github-policy-service agree [company="{your company}"]
Options:
- (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
- (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"
@microsoft-github-policy-service agree
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 74.74%. Comparing base (2395b78) to head (f820109).
CVE-2023-45288: https://osv.dev/vulnerability/GHSA-4v7x-pqxf-cx7m
Summary: net/http, x/net/http2: close connections when receiving too many headers

Details: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
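
A simplified model of the limit described in the Details above, as an added example that is not part of this PR or of the x/net code: a per-connection counter that keeps accepting HEADERS and CONTINUATION bytes past the stored budget, then reports that the connection should be closed. The `headerGuard` type, its field names and the limit values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Frame type and flag values from RFC 9113; headerGuard and its limits are hypothetical.
const frameHeaders, frameContinuation, flagEndHeaders = 0x1, 0x9, 0x4
var errHeaderFlood = errors.New("excess header data over limit: close connection")

type headerGuard struct {
	maxHeaderBytes, maxExcessBytes int // stored budget; parsed-but-discarded budget
	seen                           int // header bytes of the request being read
}

// onFrame counts whole payloads (a simplification); an error means close the connection.
func (g *headerGuard) onFrame(typ, flags byte, payloadLen int) error {
	if typ != frameHeaders && typ != frameContinuation {
		return nil
	}
	if g.seen += payloadLen; g.seen > g.maxHeaderBytes+g.maxExcessBytes {
		return errHeaderFlood
	}
	if flags&flagEndHeaders != 0 {
		g.seen = 0 // header block complete; the next request starts from zero
	}
	return nil
}

// scan walks raw frames (9-byte header, then payload) and counts accepted ones.
func scan(g *headerGuard, stream []byte) (accepted int, err error) {
	for ; len(stream) >= 9; accepted++ {
		n := int(stream[0])<<16 | int(stream[1])<<8 | int(stream[2])
		if len(stream) < 9+n {
			return accepted, errors.New("truncated frame")
		}
		if err = g.onFrame(stream[3], stream[4], n); err != nil {
			return accepted, err
		}
		stream = stream[9+n:]
	}
	return accepted, nil
}

func main() {
	g := &headerGuard{maxHeaderBytes: 1024, maxExcessBytes: 2048}
	// Constructed sample: one HEADERS frame with END_HEADERS and a 1-byte payload.
	fmt.Println(scan(g, []byte{0, 0, 1, frameHeaders, flagEndHeaders, 0, 0, 0, 1, 0x82}))
}
```

The counter is per header block, so a well-formed request that ends with END_HEADERS resets it, while a block that never ends runs into the limit regardless of how small each frame is.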