CVE-2023-44487 HTTP/2 rapid reset #939

Open
tecnobrat opened this issue Oct 12, 2023 · 1 comment

tecnobrat commented Oct 12, 2023

There is an HTTP/2 vulnerability, CVE-2023-44487.

Golang has this issue, in which they are tracking fixes: golang/go#63417

I did a scan with snyk, which returns:

✗ High severity vulnerability found in google.golang.org/grpc
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
  Introduced through: google.golang.org/grpc@1.50.1, github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76, github.com/osrg/gobgp/v3/api@3.8.0, github.com/osrg/gobgp/v3/pkg/server@3.8.0, github.com/osrg/gobgp/v3/pkg/config@3.8.0
  From: google.golang.org/grpc@1.50.1
  From: github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76 > google.golang.org/grpc@1.50.1
  From: github.com/osrg/gobgp/v3/api@3.8.0 > google.golang.org/grpc@1.50.1
  and 4 more...
  Fixed in: 1.56.3, 1.57.1, 1.58.3
@tristanmorgan

Could @dependabot help here?

tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Feb 6, 2024