Impact If you use the report server, it may be vulnerable to a Denial of Service attack. Patches Has been patched in v0.19.2. References The vulnerability was inherited by the following upstream vulnerabilites golang.org/x/text < v0.3.7 golang.org/x/net < 0.0.0-20220906165146-f3363e06e74c
Impact If you make use of the report receiver server (experimental), a client may be able to forge requests such that arbitrary files on the host can be overwritten (subject to permissions of the yapscan server), leading to loss of data. This is particularly problematic if you do not authenticate clients and/or run the server with elevated permissions. Patches Vulnerable versions: v0.18.0 v0.19.0 (unreleased) This problem is patched in version …