mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
1ba246e1d8
Found 1 known vulnerability. Vulnerability #1: GO-2022-1144 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. Call stacks in your code: Error: tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn Found in: golang.org/x/net/http2@v0.2.0 Fixed in: golang.org/x/net/http2@v0.4.0 More info: https://pkg.go.dev/vuln/GO-2022-1144 Error: Process completed with exit code 3. Signed-off-by: Benjamin Wang <wachao@vmware.com>
35 lines
1.0 KiB
Modula-2
35 lines
1.0 KiB
Modula-2
module go.etcd.io/etcd/api/v3
|
|
|
|
go 1.19
|
|
|
|
require (
|
|
github.com/coreos/go-semver v0.3.0
|
|
github.com/gogo/protobuf v1.3.2
|
|
github.com/golang/protobuf v1.5.2
|
|
github.com/grpc-ecosystem/grpc-gateway v1.16.0
|
|
github.com/stretchr/testify v1.8.1
|
|
google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1
|
|
google.golang.org/grpc v1.51.0
|
|
)
|
|
|
|
require (
|
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
|
github.com/pmezard/go-difflib v1.0.0 // indirect
|
|
golang.org/x/net v0.4.0 // indirect
|
|
golang.org/x/sys v0.3.0 // indirect
|
|
golang.org/x/text v0.5.0 // indirect
|
|
google.golang.org/protobuf v1.27.1 // indirect
|
|
gopkg.in/yaml.v2 v2.4.0 // indirect
|
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
|
)
|
|
|
|
// Bad imports are sometimes causing attempts to pull that code.
|
|
// This makes the error more explicit.
|
|
replace (
|
|
go.etcd.io/etcd => ./FORBIDDEN_DEPENDENCY
|
|
go.etcd.io/etcd/api/v3 => ./FORBIDDEN_DEPENDENCY
|
|
go.etcd.io/etcd/pkg/v3 => ./FORBIDDEN_DEPENDENCY
|
|
go.etcd.io/etcd/tests/v3 => ./FORBIDDEN_DEPENDENCY
|
|
go.etcd.io/etcd/v3 => ./FORBIDDEN_DEPENDENCY
|
|
)
|