CVE-2024-45338 - golang.org/x/net #4009

Open
sbstn-dev opened this issue Jan 9, 2025 · 2 comments
Labels
triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@sbstn-dev

Helm version: 1.11.0
App version: v2.11.0

AWS Inspector report vulnerabilities:

CVE-2024-45338 - golang.org/x/net

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Installed version / Fixed version
0.26.0 / 0.33.0
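
One way to confirm a scanner finding like the one above against a built binary, as an added example that is not part of the issue or the project's code: it reads `go version -m <binary>` output and compares the embedded golang.org/x/net version with the fixed version 0.33.0 from the report. The function names and the sample output are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed golang.org/x/net version quoted in the issue (0.33.0).
var fixed = [3]int{0, 33, 0}

// XNetVersion returns the golang.org/x/net version from `go version -m`
// output, preferring the "=>" replacement line when one follows the dep line.
func XNetVersion(buildInfo string) (string, bool) {
	// The trailing "" sentinel keeps lines[i+1] in range for the last real line.
	lines := append(strings.Split(buildInfo, "\n"), "")
	for i, l := range lines {
		f := strings.Fields(l)
		if len(f) < 3 || f[0] != "dep" || f[1] != "golang.org/x/net" {
			continue
		}
		if r := strings.Fields(lines[i+1]); len(r) >= 3 && r[0] == "=>" {
			return r[2], true // a replaced module: the replacement is what was built
		}
		return f[2], true
	}
	return "", false
}

// BelowFixed reports whether v (e.g. "v0.26.0") sorts before the fixed version.
// Pseudo-versions such as v0.0.0-20210226172049-e18ecbb05110 are handled too.
func BelowFixed(v string) (bool, error) {
	core, pre, _ := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var c [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &c[0], &c[1], &c[2]); err != nil {
		return false, fmt.Errorf("unparseable version %q: %w", v, err)
	}
	for i := range c {
		if c[i] != fixed[i] {
			return c[i] < fixed[i], nil
		}
	}
	return pre != "", nil // same core: a pre-release sorts before the release
}

// Constructed sample of `go version -m` output (module path and hash are made up).
const sample = "\tmod\texample.com/app\t(devel)\n\tdep\tgolang.org/x/net\tv0.26.0\th1:constructed\n"

func main() {
	v, _ := XNetVersion(sample)
	fmt.Println(BelowFixed(v))
}
```

A version that cannot be parsed, such as `(devel)`, is returned as an error rather than treated as fixed, so it can be reviewed by hand.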

shraddhabang added the triage/accepted label Jan 9, 2025
shraddhabang self-assigned this Jan 9, 2025
@shraddhabang
Collaborator

@sbstn-dev Thanks for bringing this to our attention. I have updated it. We will soon release a patch for it.

@omegion

omegion commented Jan 30, 2025

@shraddhabang Why will you release the patch for this CVE?
