You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
This was flagged in a Snyk security report, and the package appears to be a downstream dependency of golang.org/x/crypto to the best of my ability to determine. The dependencies for this package in go.mod appear to be pointing to specific commits, so I'm not sure what the history is there, and what the best path for remediation is.
golang.org//grpc versions <1.56.3 >=1.57.0 <1.57.1 >=1.58.0 <1.58.3 are vulnerable to https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
This was flagged in a Snyk security report, and the package appears to be a downstream dependency of
golang.org/x/cryptoto the best of my ability to determine. The dependencies for this package ingo.modappear to be pointing to specific commits, so I'm not sure what the history is there, and what the best path for remediation is.https://www.cve.org/CVERecord?id=CVE-2023-44487
https://www.mend.io/vulnerability-database/CVE-2023-44487
The text was updated successfully, but these errors were encountered: