mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00

Found 1 known vulnerability. Vulnerability #1: GO-2022-1144 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. Call stacks in your code: Error: tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn Found in: golang.org/x/net/http2@v0.2.0 Fixed in: golang.org/x/net/http2@v0.4.0 More info: https://pkg.go.dev/vuln/GO-2022-1144 Error: Process completed with exit code 3. Signed-off-by: Benjamin Wang <wachao@vmware.com>
module go.etcd.io/etcd/etcdctl/v3
go 1.19
require (
github.com/bgentry/speakeasy v0.1.0
github.com/cheggaaa/pb/v3 v3.0.8
github.com/dustin/go-humanize v1.0.0
github.com/olekukonko/tablewriter v0.0.5
github.com/spf13/cobra v1.4.0
github.com/spf13/pflag v1.0.5
go.etcd.io/etcd/api/v3 v3.6.0-alpha.0
go.etcd.io/etcd/client/pkg/v3 v3.6.0-alpha.0
go.etcd.io/etcd/client/v3 v3.6.0-alpha.0
go.etcd.io/etcd/pkg/v3 v3.6.0-alpha.0
go.uber.org/zap v1.21.0
golang.org/x/time v0.0.0-20220609170525-579cf78fd858
google.golang.org/grpc v1.51.0
)
require (
github.com/VividCortex/ewma v1.1.1 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-runewidth v0.0.12 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.7.0 // indirect
// Keep at v0.4.0 or later: the vulnerability scan quoted in the commit message reports GO-2022-1144
// (HTTP/2 header-key cache memory growth) as found in golang.org/x/net/http2 v0.2.0 and fixed in v0.4.0.
golang.org/x/net v0.4.0 // indirect
golang.org/x/sys v0.3.0 // indirect
golang.org/x/text v0.5.0 // indirect
google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1 // indirect
google.golang.org/protobuf v1.27.1 // indirect
)
replace (
go.etcd.io/etcd/api/v3 => ../api
go.etcd.io/etcd/client/pkg/v3 => ../client/pkg
go.etcd.io/etcd/client/v3 => ../client/v3
go.etcd.io/etcd/pkg/v3 => ../pkg
)
// Bad imports sometimes cause attempts to pull in the modules listed below.
// Replacing those modules with ./FORBIDDEN_DEPENDENCY makes the resulting error more explicit.
replace (
go.etcd.io/etcd => ./FORBIDDEN_DEPENDENCY
go.etcd.io/etcd/v3 => ./FORBIDDEN_DEPENDENCY
go.etcd.io/tests/v3 => ./FORBIDDEN_DEPENDENCY
)