chore(deps): update module golang.org/x/net to v0.33.0 [security]
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| golang.org/x/net | require | minor |
v0.32.0 -> v0.33.0
|
Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-45338 / GHSA-w32m-9786-jp63 / GO-2024-3333
More information
Details
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Severity
Unknown
References
- https://go.dev/cl/637536
- https://go.dev/issue/70906
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-45338 / GHSA-w32m-9786-jp63 / GO-2024-3333
More information
Details
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Severity
- CVSS Score: Unknown
- Vector String:
CVSS:4.0/AV:N/AC:L/AT:N/MR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338
- https://github.com/golang/go/issues/70906
- https://cs.opensource.google/go/x/net
- https://go.dev/cl/637536
- https://go.dev/issue/70906
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
- https://pkg.go.dev/vuln/GO-2024-3333
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.