golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Overview
ID
GHSA-h86h-8ppg-mxmh
Aliases
BIT-golang-2021-31525
CVE-2021-31525
GO-2022-0236
Affected package: golang.org/x/net/http/httpguts
Description
golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Impact
Severity
5.9 MODERATE (latest version of the CVSS score reported by the source of the advisory)
Summary
70.46k total packages affected (packages with at least one version that is affected by the advisory or has an affected dependency)
9.63k packages with a known fix (packages with versions affected by the advisory that have a greater version that is not affected)
5.35% of the total ecosystem affected (the proportion of packages in the ecosystem that are affected by the advisory, fixed or not)
Affected versions: introduced in 0 (all earlier versions), fixed in 0.0.0-20210428140749-89ef3d95e781