Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-44487 HTTP/2 rapid reset #939

Closed
tecnobrat opened this issue Oct 12, 2023 · 2 comments
Closed

CVE-2023-44487 HTTP/2 rapid reset #939

tecnobrat opened this issue Oct 12, 2023 · 2 comments
Assignees
@tristanmorgan

Comments

@tecnobrat
Copy link

tecnobrat commented Oct 12, 2023
edited
Loading

There is a HTTP/2 vulnerability CVE-2023-44487

Golang has this issue which they are tracking fixes: golang/go#63417

I did a scan with snyk which returns:

✗ High severity vulnerability found in google.golang.org/grpc
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
  Introduced through: google.golang.org/[email protected], github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76, github.com/osrg/gobgp/v3/[email protected], github.com/osrg/gobgp/v3/pkg/[email protected], github.com/osrg/gobgp/v3/pkg/[email protected]
  From: google.golang.org/[email protected]
  From: github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76 > google.golang.org/[email protected]
  From: github.com/osrg/gobgp/v3/[email protected] > google.golang.org/[email protected]
  and 4 more...
  Fixed in: 1.56.3, 1.57.1, 1.58.3
@tristanmorgan
Copy link
Member

Could @dependabot help here?

tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Feb 6, 2024
@tristanmorgan
Bump go versions for fabiolb#939
9c4e191
tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Sep 2, 2024
@tristanmorgan
Bump go versions for fabiolb#939
1f42ec3
tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Sep 2, 2024
@tristanmorgan
Bump go versions for fabiolb#939
14c55ea
tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Sep 2, 2024
@tristanmorgan
Bump go versions for fabiolb#939
83883bb
tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Sep 2, 2024
@tristanmorgan
Bump go versions for fabiolb#939
5cfc0c8
@tristanmorgan tristanmorgan self-assigned this Sep 3, 2024
tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Sep 4, 2024
@tristanmorgan
Bump go versions for fabiolb#939
1ca0334
tristanmorgan added a commit to tristanmorgan/fabio that referenced this issue Sep 5, 2024
@tristanmorgan
Bump go versions for fabiolb#939
817be9c
@tristanmorgan
Copy link
Member

fixed in #952.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tristanmorgan tristanmorgan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tecnobrat @tristanmorgan