GHSA-qc6v-5g5m-8cw2: ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
Applications using the zitadel-go v3 library (next branch) might be impacted by package vulnerabilities.
The output of govulncheck suggests that only example code seems to be impacted, based on 1 of the 3 potential vulnerabilities. This vulnerability is located in the transitive dependency golang.org/x/net v0.19.0, CVE-2023-45288
References
- github.com/advisories/GHSA-qc6v-5g5m-8cw2
- github.com/zitadel/zitadel-go
- github.com/zitadel/zitadel-go/releases/tag/v3.0.0-next.3
- github.com/zitadel/zitadel-go/security/advisories/GHSA-qc6v-5g5m-8cw2
- pkg.go.dev/vuln/GO-2024-2611
- pkg.go.dev/vuln/GO-2024-2631
- pkg.go.dev/vuln/GO-2024-2687
- www.cve.org/CVERecord?id=CVE-2023-45288
Code Behaviors & Features
Detect and mitigate GHSA-qc6v-5g5m-8cw2 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →