sbecker59 / terraform-provider-statuspage

Terraform Statuspage provider
https://registry.terraform.io/providers/sbecker59/statuspage/
Mozilla Public License 2.0

fix(CVE-2022-41717): Upgrade golang.org/x/net/http2 #146

Closed sbecker59 closed 1 year ago

sbecker59 commented 1 year ago

CVE-2022-41717

Overview

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

How to fix?

Upgrade golang.org/x/net/http2 to version 0.4.0

```
replace golang.org/x/net => golang.org/x/net v0.4.0
```

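
A check a reviewer could run against the resulting go.mod, as an added example that is not part of this PR or the provider's code: it resolves which golang.org/x/net version the main module builds with (a `replace` like the one above overrides `require`) and compares it with the v0.4.0 fix. The function names and the sample go.mod are assumptions; local-path and version-specific replaces are not handled.

```go
package main

import (
	"fmt"
	"strings"
)

const netModule, fixedVersion = "golang.org/x/net", "v0.4.0" // as stated in the PR
// atLeastFixed reports whether version v sorts at or above fixedVersion.
func atLeastFixed(v string) bool {
	var a, b [3]int
	v, _, pre := strings.Cut(v, "-") // pre: pre-release or pseudo-version suffix
	fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2]) // unparsable input stays 0.0.0
	fmt.Sscanf(fixedVersion, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return !pre // vX.Y.Z-suffix sorts below vX.Y.Z
}

// effectiveVersion returns the x/net version used: "replace M => M vX" beats require.
func effectiveVersion(goMod string) string {
	ver, block, replaced := "", "", false
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) == 2 && f[1] == "(" {
			block = f[0] // entering "require (" or "replace ("
		} else if len(f) == 1 && f[0] == ")" {
			block = ""
		} else if block != "" {
			f = append([]string{block}, f...)
		}
		if len(f) == 3 && f[0] == "require" && f[1] == netModule && !replaced {
			ver = f[2]
		} else if len(f) == 5 && f[0] == "replace" && f[1] == netModule && f[2] == "=>" {
			ver, replaced = f[4], true
		}
	}
	return ver
}

func main() {
	// Constructed go.mod: an old pseudo-version overridden by the PR's replace line.
	mod := "require (\n\tgolang.org/x/net v0.0.0-20220101000000-000000000000 // indirect\n)\nreplace golang.org/x/net => golang.org/x/net v0.4.0\n"
	fmt.Println(effectiveVersion(mod), atLeastFixed(effectiveVersion(mod)))
}
```
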
codecov[bot] commented 1 year ago

Codecov Report

Base: 80.53% // Head: 80.53% // No change to project coverage :thumbsup:

Coverage data is based on head (fa8ad84) compared to base (d2cdd65). Patch has no changes to coverable lines.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main     #146   +/-   ##
=======================================
  Coverage   80.53%   80.53%
=======================================
  Files          17       17
  Lines        2004     2004
=======================================
  Hits         1614     1614
  Misses        316      316
  Partials       74       74
```
