Red Hat OpenShift AI Engineering / RHOAIENG-5304

[odh-model-controller] golang.org/x/net Allocation of Resources Without Limits or Throttling

    • Model Serving Sprint 2.9-2
    • Testable

      CVE-2023-45288

       

      Detailed paths

      • Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › golang.org/x/net@v0.19.0

      • Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/compute@v1.23.3 › golang.org/x/net@v0.19.0

      • Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/iam@v1.1.5 › golang.org/x/net@v0.19.0

      …and 1518 more

      Security information

      Factors contributing to the scoring:

      • Snyk: CVSS 7.5 - High Severity

      • NVD: Not available. NVD has not yet published its analysis.


      Overview

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

            Unassigned Unassigned
            rhn-support-fspolti Filippe Spolti