HTTP/2 request could cause a deny of service

Moderate

nmengin published GHSA-7v4p-328v-8v5g

Oct 12, 2023

Package

Go (Go)

Affected versions

<=1.21.2, <=1.20.9

Patched versions

1.21.3, 1.20.10

Traefik (Go)

<= v2.10.4, <= v3.0.0-beta3

v2.10.5, v3.0.0-beta4

Description

Impact

There is a vulnerability in GO managing HTTP/2 requests, which impacts Traefik.
This vulnerability could be exploited to cause a denial of service.

References

Patches

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.