CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
A vulnerability in the protojson.Unmarshal() function of the golang-google-protobuf package of the Golang programming language
is related to an infinite loop when anmarshaling certain JSON forms. Exploitation of the vulnerability could
allow an attacker acting remotely to cause a denial of service
A vulnerability in the OpenTelemetry-Go Contrib third-party package set is related to the addition of tags
net.peer.sock.addr
and net.peer.sock.port
, which have unrelated power. Exploitation of the vulnerability
could allow an attacker acting remotely to cause a denial of service
A vulnerability in the net/http and net/http2 libraries of the Go programming language (in terms of the implementation of the
HTTP/2) is related to uncontrolled resource consumption due to incorrect end-of-header detection during CONT/2 frame processing.
header when processing CONTINUATION frames. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service