CVE-2023-44487

Uncontrolled Resource Consumption in go/golang.org/x/net/html

Identifiers

GHSA-qppj-fm5r-hxr3, GHSA-vx74-f528-fxqg, GHSA-xpw8-rcwv-8f8p, GHSA-2m7v-gc89-fjqf, CVE-2023-44487

Package Slug

go/golang.org/x/net/html

Vulnerability

Uncontrolled Resource Consumption

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Affected Versions

All versions before 0.17.0

Solution

Upgrade to version 0.17.0 or above.

Last Modified

2023-11-16

source