mend-for-github-combot
changed the title
CVE-2021-44716 (High) detected in golang.org/x/net/http2-b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e, prometheusv2.10.0
CVE-2021-44716 (High) detected in github.com/golang/net/http2-b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e, prometheusv2.10.0
Sep 12, 2022
mend-for-github-combot
changed the title
CVE-2021-44716 (High) detected in github.com/golang/net/http2-b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e, prometheusv2.10.0
CVE-2021-44716 (High) detected in prometheusv2.10.0
Feb 21, 2023
CVE-2021-44716 - High Severity Vulnerability
Vulnerable Library - prometheusv2.10.0
The Prometheus monitoring system and time series database.
Library home page: https://github.com/prometheus/prometheus.git
Vulnerable Source Files (0)
Vulnerability Details
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Publish Date: 2022-01-01
URL: CVE-2021-44716
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-vc3p-29h2-gpcp
Release Date: 2022-01-01
Fix Resolution: github.com/golang/net - 491a49abca63de5e07ef554052d180a1b5fe2d70