golang.org/x/net/http2 allows uncontrolled memory consumption
High severity • GitHub Reviewed • Published Jan 2, 2022 to the GitHub Advisory Database • Updated Feb 8, 2023
Package
Affected versions: < 0.0.0-20211209124913-491a49abca63
Patched versions: 0.0.0-20211209124913-491a49abca63
Published by the National Vulnerability Database: Jan 1, 2022
Published to the GitHub Advisory Database: Jan 2, 2022
Reviewed: Feb 8, 2023
Last updated: Feb 8, 2023
Description
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
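A version check built from the ranges stated in this advisory, as an added example that is not part of the advisory or of the Go project's code. The helper names `goAffected`, `xnetAffected` and `scanGoMod` are hypothetical, the go.mod fragment is constructed, and treating every tagged golang.org/x/net release as patched is an assumption; go.mod writes the pseudo-version with a leading `v`.

```go
package main

import (
	"fmt"
	"strings"
)

// patchedStamp is the timestamp of the patched pseudo-version in the advisory.
const patchedStamp = "20211209124913"

// goAffected applies the advisory's ranges: before 1.16.12, and 1.17.x before 1.17.5.
func goAffected(v string) (bool, error) {
	var major, minor, patch int
	if n, _ := fmt.Sscanf(v, "go%d.%d.%d", &major, &minor, &patch); n < 2 || major != 1 {
		return false, fmt.Errorf("unrecognized Go version %q", v)
	}
	return minor < 16 || (minor == 16 && patch < 12) || (minor == 17 && patch < 5), nil
}

// xnetAffected reports whether a go.mod version of golang.org/x/net predates the patch.
func xnetAffected(v string) (bool, error) {
	p := strings.Split(v, "-")
	if len(p) == 3 && p[0] == "v0.0.0" && len(p[1]) == 14 {
		return p[1] < patchedStamp, nil // fixed-width timestamps sort as strings
	}
	if strings.HasPrefix(v, "v") && !strings.HasPrefix(v, "v0.0.0") {
		return false, nil // assumption: every tagged release postdates the fix
	}
	return false, fmt.Errorf("unrecognized x/net version %q", v)
}

// scanGoMod returns affected golang.org/x/net versions from require and replace lines.
func scanGoMod(mod string) []string {
	var hits []string
	for _, line := range strings.Split(mod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments
		if f := strings.Fields(line); len(f) >= 2 && f[len(f)-2] == "golang.org/x/net" {
			if bad, err := xnetAffected(f[len(f)-1]); err == nil && bad {
				hits = append(hits, f[len(f)-1])
			}
		}
	}
	return hits
}

func main() {
	// Constructed go.mod fragment; the all-zero commit hash is a placeholder.
	mod := "require (\n\tgolang.org/x/net v0.0.0-20210101000000-000000000000 // indirect\n)\n"
	fmt.Println(scanGoMod(mod))
}
```

The toolchain check matters independently of go.mod, because the advisory's description places the flaw in net/http itself: pass `runtime.Version()` from the deployed binary's build to `goAffected`.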