-
Task
-
Resolution: Unresolved
-
Major
-
None
-
None
-
1
-
False
-
-
False
-
No
-
No
-
-
-
Model Serving Sprint 2.9-2
-
Testable
Detailed paths
Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › golang.org/x/net@v0.19.0
Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/compute@v1.23.3 › golang.org/x/net@v0.19.0
Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/iam@v1.1.5 › golang.org/x/net@v0.19.0
…and 1518 more
Security information
Factors contributing to the scoring: * Snyk: CVSS 7.5 - High Severity
- NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.