net/http in Go prior to 1.15.12 and 1.16.x prior to 1.16.4 allows remote malicious users to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
fedoraproject fedora 34 |