Closed sbecker59 closed 1 year ago
Base: 80.53% // Head: 80.53% // No change to project coverage :thumbsup:
Coverage data is based on head (
fa8ad84
) compared to base (d2cdd65
). Patch has no changes to coverable lines.
:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
CVE-2022-41717
Overview
golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.
How to fix?
Upgrade golang.org/x/net/http2 to version 0.4.0