-
-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(master): release 2.7.20 #107
chore(master): release 2.7.20 #107
Conversation
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
1 similar comment
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
1 similar comment
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
1 similar comment
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
1 similar comment
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
Outdated🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
OutdatedRecommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
🔍 Vulnerabilities of
|
digest | sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034 |
vulnerabilities | |
size | 102 MB |
packages | 247 |
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as |
|
digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
vulnerabilities |
stdlib
|
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected range | >=1.22.0-0 |
Fixed version | 1.22.5 |
EPSS Score | 0.04% |
EPSS Percentile | 17th percentile |
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Affected range | <1.22.7 |
Fixed version | 1.22.7 |
EPSS Score | 0.19% |
EPSS Percentile | 57th percentile |
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Recommended fixes for image
|
Name | 3.20.3 |
Digest | sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 |
Vulnerabilities | |
Pushed | 2 months ago |
Size | 3.6 MB |
Packages | 17 |
OS | 3.20.3 |
The base image is also available under the supported tag(s):3.20
,3.20.3
,latest
Refresh base image
Rebuild the image using a newer base image version. Updating this may result in breaking changes.✅ This image version is up to date.
Change base image
✅ There are no tag recommendations at this time.
🤖 Created releases:
|
🤖 I have created a release beep boop
2.7.20 (2024-11-22)
Bug Fixes
This PR was generated with Release Please. See documentation.