CVE-2023-44487 HTTP/2 rapid reset

There is a HTTP/2 vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)

Golang has this issue which they are tracking fixes: https://github.com/golang/go/issues/63417

I did a scan with `snyk` which returns:

```
✗ High severity vulnerability found in google.golang.org/grpc
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
  Introduced through: google.golang.org/grpc@1.50.1, github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76, github.com/osrg/gobgp/v3/api@3.8.0, github.com/osrg/gobgp/v3/pkg/server@3.8.0, github.com/osrg/gobgp/v3/pkg/config@3.8.0
  From: google.golang.org/grpc@1.50.1
  From: github.com/mwitkow/grpc-proxy/proxy@#0f1106ef9c76 > google.golang.org/grpc@1.50.1
  From: github.com/osrg/gobgp/v3/api@3.8.0 > google.golang.org/grpc@1.50.1
  and 4 more...
  Fixed in: 1.56.3, 1.57.1, 1.58.3
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-44487 HTTP/2 rapid reset #939

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

CVE-2023-44487 HTTP/2 rapid reset #939

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions