registry.hub.docker.com/infracost/infracost (alpine 3.16.9)

Trivy Image Scan

• Image: registry.hub.docker.com/infracost/infracost (alpine 3.16.9)
• Scan date: 2024-12-04

registry.hub.docker.com/infracost/infracost (alpine 3.16.9) (alpine)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
busybox	CVE-2023-42366	MEDIUM	1.35.0-r17	1.35.0-r18	https://access.redhat.com/security/cve/CVE-2023-42366 https://bugs.busybox.net/show_bug.cgi?id=15874 https://nvd.nist.gov/vuln/detail/CVE-2023-42366 https://www.cve.org/CVERecord?id=CVE-2023-42366
ssl_client	CVE-2023-42366	MEDIUM	1.35.0-r17	1.35.0-r18	https://access.redhat.com/security/cve/CVE-2023-42366 https://bugs.busybox.net/show_bug.cgi?id=15874 https://nvd.nist.gov/vuln/detail/CVE-2023-42366 https://www.cve.org/CVERecord?id=CVE-2023-42366
No Misconfigurations found

usr/bin/infracost (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/golang-jwt/jwt/v4	CVE-2024-51744	LOW	v4.5.0	4.5.1	https://access.redhat.com/security/cve/CVE-2024-51744 https://github.com/golang-jwt/jwt https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r https://nvd.nist.gov/vuln/detail/CVE-2024-51744 https://www.cve.org/CVERecord?id=CVE-2024-51744
github.com/open-policy-agent/opa	CVE-2024-8260	MEDIUM	v0.46.1	0.68.0	https://access.redhat.com/security/cve/CVE-2024-8260 https://github.com/open-policy-agent/opa https://github.com/open-policy-agent/opa/commit/10f4d553e6bb6ae9c69611ecdd9a77dda857070e https://github.com/open-policy-agent/opa/releases/tag/v0.68.0 https://nvd.nist.gov/vuln/detail/CVE-2024-8260 https://pkg.go.dev/vuln/GO-2024-3141 https://www.cve.org/CVERecord?id=CVE-2024-8260 https://www.tenable.com/security/research/tra-2024-36
gopkg.in/square/go-jose.v2	CVE-2024-28180	MEDIUM	v2.6.0	no fix available	https://access.redhat.com/errata/RHSA-2024:3827 https://access.redhat.com/security/cve/CVE-2024-28180 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268820 https://bugzilla.redhat.com/2268854 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268820 https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28176 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180 https://errata.almalinux.org/9/ALSA-2024-3827.html https://errata.rockylinux.org/RLSA-2024:3827 https://github.com/go-jose/go-jose https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502 https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://linux.oracle.com/cve/CVE-2024-28180.html https://linux.oracle.com/errata/ELSA-2024-3968.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/ https://nvd.nist.gov/vuln/detail/CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9473 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2318052 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2024-9473.html https://errata.rockylinux.org/RLSA-2024:7204 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2024-9473.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:6913 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:6913 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
No Misconfigurations found

usr/bin/terraform (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/Masterminds/goutils	CVE-2021-4238	CRITICAL	v1.1.0	1.1.1	https://access.redhat.com/security/cve/CVE-2021-4238 https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/advisories/GHSA-3839-6r69-m497 https://nvd.nist.gov/vuln/detail/CVE-2021-4238 https://pkg.go.dev/vuln/GO-2022-0411 https://www.cve.org/CVERecord?id=CVE-2021-4238
github.com/Masterminds/goutils	GHSA-xg2h-wx96-xgxr	LOW	v1.1.0	1.1.1	https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982 https://github.com/Masterminds/goutils/releases/tag/v1.1.1 https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.2	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.2	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.2	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210403161142-5e06dd20ab57	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.5	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.5	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.16.4	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.4	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.4	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.4	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-33195	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
stdlib	CVE-2021-33196	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/security/cve/CVE-2021-33196 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33196.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2021-33196 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-33196
66 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_0.13 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/aws/aws-sdk-go	CVE-2020-8911	MEDIUM	v1.31.9	1.34.0	https://access.redhat.com/security/cve/CVE-2020-8911 https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09 https://bugzilla.redhat.com/show_bug.cgi?id=1869800 https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4 https://github.com/aws/aws-sdk-go/pull/3403 https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9 https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc https://nvd.nist.gov/vuln/detail/CVE-2020-8911 https://pkg.go.dev/vuln/GO-2022-0646 https://www.cve.org/CVERecord?id=CVE-2020-8911
github.com/aws/aws-sdk-go	CVE-2022-2582	MEDIUM	v1.31.9	1.34.0	https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 https://nvd.nist.gov/vuln/detail/CVE-2022-2582 https://pkg.go.dev/vuln/GO-2022-0391
github.com/aws/aws-sdk-go	GHSA-76wf-9vgp-pj7w	MEDIUM	v1.31.9	1.34.0	https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w https://pkg.go.dev/vuln/GO-2022-0391
github.com/aws/aws-sdk-go	CVE-2020-8912	LOW	v1.31.9	1.34.0	https://access.redhat.com/security/cve/CVE-2020-8912 https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09 https://bugzilla.redhat.com/show_bug.cgi?id=1869801 https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4 https://github.com/aws/aws-sdk-go/pull/3403 https://github.com/google/security-research/security/advisories/GHSA-7f33-f4f5-xwgw https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc https://nvd.nist.gov/vuln/detail/CVE-2020-8912 https://pkg.go.dev/vuln/GO-2022-0646 https://www.cve.org/CVERecord?id=CVE-2020-8912
github.com/dgrijalva/jwt-go	CVE-2020-26160	HIGH	v3.2.0+incompatible	no fix available	https://access.redhat.com/security/cve/CVE-2020-26160 https://github.com/dgrijalva/jwt-go https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab https://github.com/dgrijalva/jwt-go/issues/422 https://github.com/dgrijalva/jwt-go/issues/462 https://github.com/dgrijalva/jwt-go/pull/426 https://nvd.nist.gov/vuln/detail/CVE-2020-26160 https://pkg.go.dev/vuln/GO-2020-0017 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 https://www.cve.org/CVERecord?id=CVE-2020-26160
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.4.2-0.20200106182914-9813cbd4eb02	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.4.2-0.20200106182914-9813cbd4eb02	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
github.com/ulikunitz/xz	CVE-2020-16845	HIGH	v0.5.5	0.5.8	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html https://access.redhat.com/security/cve/CVE-2020-16845 https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b https://github.com/ulikunitz/xz/issues/35 https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q https://groups.google.com/g/golang-announce/c/NyPIaucMgXo https://linux.oracle.com/cve/CVE-2020-16845.html https://linux.oracle.com/errata/ELSA-2020-5828.html https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4 https://nvd.nist.gov/vuln/detail/CVE-2020-16845 https://security.netapp.com/advisory/ntap-20200924-0002 https://security.netapp.com/advisory/ntap-20200924-0002/ https://ubuntu.com/security/notices/USN-5725-1 https://ubuntu.com/security/notices/USN-5725-2 https://www.cve.org/CVERecord?id=CVE-2020-16845 https://www.debian.org/security/2021/dsa-4848 https://www.oracle.com/security-alerts/cpuApr2021.html
github.com/ulikunitz/xz	CVE-2021-29482	HIGH	v0.5.5	0.5.8	https://access.redhat.com/security/cve/CVE-2021-29482 https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b https://github.com/ulikunitz/xz/issues/35 https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27 https://nvd.nist.gov/vuln/detail/CVE-2021-29482 https://pkg.go.dev/vuln/GO-2020-0016 https://www.cve.org/CVERecord?id=CVE-2021-29482
golang.org/x/crypto	CVE-2020-29652	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20201216223049-8b5274cf687f	https://access.redhat.com/security/cve/CVE-2020-29652 https://errata.almalinux.org/8/ALSA-2021-1796.html https://go-review.googlesource.com/c/crypto/+/278852 https://go.dev/cl/278852 https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8 https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 https://linux.oracle.com/cve/CVE-2020-29652.html https://linux.oracle.com/errata/ELSA-2021-1796.html https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2020-29652 https://pkg.go.dev/vuln/GO-2021-0227 https://www.cve.org/CVERecord?id=CVE-2020-29652
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20200622213623-75b288015ac9	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20200602114024-627f9648deb9	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20200602114024-627f9648deb9	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20200602114024-627f9648deb9	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20200602114024-627f9648deb9	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20200323222414-85ca7c5b95cd	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.2	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.2	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
golang.org/x/text	CVE-2020-14040	MEDIUM	v0.3.2	0.3.3	https://access.redhat.com/security/cve/CVE-2020-14040 https://errata.almalinux.org/8/ALSA-2020-4694.html https://github.com/golang/go/issues/39491 https://github.com/golang/text/commit/23ae387dee1f90d29a23c0e87ee0b46038fbed0e https://go-review.googlesource.com/c/text/+/238238 https://go.dev/cl/238238 https://go.dev/issue/39491 https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0 https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0 https://linux.oracle.com/cve/CVE-2020-14040.html https://linux.oracle.com/errata/ELSA-2020-4694.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O https://nvd.nist.gov/vuln/detail/CVE-2020-14040 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2020-14040
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
77 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_0.13.7 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/aws/aws-sdk-go	CVE-2020-8911	MEDIUM	v1.31.9	1.34.0	https://access.redhat.com/security/cve/CVE-2020-8911 https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09 https://bugzilla.redhat.com/show_bug.cgi?id=1869800 https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4 https://github.com/aws/aws-sdk-go/pull/3403 https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9 https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc https://nvd.nist.gov/vuln/detail/CVE-2020-8911 https://pkg.go.dev/vuln/GO-2022-0646 https://www.cve.org/CVERecord?id=CVE-2020-8911
github.com/aws/aws-sdk-go	CVE-2022-2582	MEDIUM	v1.31.9	1.34.0	https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 https://nvd.nist.gov/vuln/detail/CVE-2022-2582 https://pkg.go.dev/vuln/GO-2022-0391
github.com/aws/aws-sdk-go	GHSA-76wf-9vgp-pj7w	MEDIUM	v1.31.9	1.34.0	https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w https://pkg.go.dev/vuln/GO-2022-0391
github.com/aws/aws-sdk-go	CVE-2020-8912	LOW	v1.31.9	1.34.0	https://access.redhat.com/security/cve/CVE-2020-8912 https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09 https://bugzilla.redhat.com/show_bug.cgi?id=1869801 https://github.com/aws/aws-sdk-go https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4 https://github.com/aws/aws-sdk-go/pull/3403 https://github.com/google/security-research/security/advisories/GHSA-7f33-f4f5-xwgw https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc https://nvd.nist.gov/vuln/detail/CVE-2020-8912 https://pkg.go.dev/vuln/GO-2022-0646 https://www.cve.org/CVERecord?id=CVE-2020-8912
github.com/dgrijalva/jwt-go	CVE-2020-26160	HIGH	v3.2.0+incompatible	no fix available	https://access.redhat.com/security/cve/CVE-2020-26160 https://github.com/dgrijalva/jwt-go https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab https://github.com/dgrijalva/jwt-go/issues/422 https://github.com/dgrijalva/jwt-go/issues/462 https://github.com/dgrijalva/jwt-go/pull/426 https://nvd.nist.gov/vuln/detail/CVE-2020-26160 https://pkg.go.dev/vuln/GO-2020-0017 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 https://www.cve.org/CVERecord?id=CVE-2020-26160
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.4.2-0.20200106182914-9813cbd4eb02	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.4.2-0.20200106182914-9813cbd4eb02	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.4.2-0.20200106182914-9813cbd4eb02	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
github.com/ulikunitz/xz	CVE-2020-16845	HIGH	v0.5.5	0.5.8	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html https://access.redhat.com/security/cve/CVE-2020-16845 https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b https://github.com/ulikunitz/xz/issues/35 https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q https://groups.google.com/g/golang-announce/c/NyPIaucMgXo https://linux.oracle.com/cve/CVE-2020-16845.html https://linux.oracle.com/errata/ELSA-2020-5828.html https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4 https://nvd.nist.gov/vuln/detail/CVE-2020-16845 https://security.netapp.com/advisory/ntap-20200924-0002 https://security.netapp.com/advisory/ntap-20200924-0002/ https://ubuntu.com/security/notices/USN-5725-1 https://ubuntu.com/security/notices/USN-5725-2 https://www.cve.org/CVERecord?id=CVE-2020-16845 https://www.debian.org/security/2021/dsa-4848 https://www.oracle.com/security-alerts/cpuApr2021.html
github.com/ulikunitz/xz	CVE-2021-29482	HIGH	v0.5.5	0.5.8	https://access.redhat.com/security/cve/CVE-2021-29482 https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b https://github.com/ulikunitz/xz/issues/35 https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27 https://nvd.nist.gov/vuln/detail/CVE-2021-29482 https://pkg.go.dev/vuln/GO-2020-0016 https://www.cve.org/CVERecord?id=CVE-2021-29482
golang.org/x/crypto	CVE-2020-29652	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20201216223049-8b5274cf687f	https://access.redhat.com/security/cve/CVE-2020-29652 https://errata.almalinux.org/8/ALSA-2021-1796.html https://go-review.googlesource.com/c/crypto/+/278852 https://go.dev/cl/278852 https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8 https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 https://linux.oracle.com/cve/CVE-2020-29652.html https://linux.oracle.com/errata/ELSA-2021-1796.html https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2020-29652 https://pkg.go.dev/vuln/GO-2021-0227 https://www.cve.org/CVERecord?id=CVE-2020-29652
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20200622213623-75b288015ac9	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20200602114024-627f9648deb9	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20200602114024-627f9648deb9	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20200602114024-627f9648deb9	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20200602114024-627f9648deb9	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20200602114024-627f9648deb9	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20200323222414-85ca7c5b95cd	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.2	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.2	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
golang.org/x/text	CVE-2020-14040	MEDIUM	v0.3.2	0.3.3	https://access.redhat.com/security/cve/CVE-2020-14040 https://errata.almalinux.org/8/ALSA-2020-4694.html https://github.com/golang/go/issues/39491 https://github.com/golang/text/commit/23ae387dee1f90d29a23c0e87ee0b46038fbed0e https://go-review.googlesource.com/c/text/+/238238 https://go.dev/cl/238238 https://go.dev/issue/39491 https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0 https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0 https://linux.oracle.com/cve/CVE-2020-14040.html https://linux.oracle.com/errata/ELSA-2020-4694.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O https://nvd.nist.gov/vuln/detail/CVE-2020-14040 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2020-14040
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
77 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_0.14 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/dgrijalva/jwt-go	CVE-2020-26160	HIGH	v3.2.0+incompatible	no fix available	https://access.redhat.com/security/cve/CVE-2020-26160 https://github.com/dgrijalva/jwt-go https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab https://github.com/dgrijalva/jwt-go/issues/422 https://github.com/dgrijalva/jwt-go/issues/462 https://github.com/dgrijalva/jwt-go/pull/426 https://nvd.nist.gov/vuln/detail/CVE-2020-26160 https://pkg.go.dev/vuln/GO-2020-0017 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 https://www.cve.org/CVERecord?id=CVE-2020-26160
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.1	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.1	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.1	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
golang.org/x/crypto	CVE-2020-29652	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20201216223049-8b5274cf687f	https://access.redhat.com/security/cve/CVE-2020-29652 https://errata.almalinux.org/8/ALSA-2021-1796.html https://go-review.googlesource.com/c/crypto/+/278852 https://go.dev/cl/278852 https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8 https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 https://linux.oracle.com/cve/CVE-2020-29652.html https://linux.oracle.com/errata/ELSA-2021-1796.html https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2020-29652 https://pkg.go.dev/vuln/GO-2021-0227 https://www.cve.org/CVERecord?id=CVE-2020-29652
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20200622213623-75b288015ac9	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20200930185726-fdedc70b468f	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.5	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.5	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.15.6	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.15.6	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.15.6	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.15.6	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-27918	HIGH	v1.15.6	1.15.9, 1.16.1	https://access.redhat.com/security/cve/CVE-2021-27918 https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw https://linux.oracle.com/cve/CVE-2021-27918.html https://linux.oracle.com/errata/ELSA-2021-9268.html https://nvd.nist.gov/vuln/detail/CVE-2021-27918 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-27918
stdlib	CVE-2021-33195	HIGH	v1.15.6	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
69 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_0.14.11 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/dgrijalva/jwt-go	CVE-2020-26160	HIGH	v3.2.0+incompatible	no fix available	https://access.redhat.com/security/cve/CVE-2020-26160 https://github.com/dgrijalva/jwt-go https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab https://github.com/dgrijalva/jwt-go/issues/422 https://github.com/dgrijalva/jwt-go/issues/462 https://github.com/dgrijalva/jwt-go/pull/426 https://nvd.nist.gov/vuln/detail/CVE-2020-26160 https://pkg.go.dev/vuln/GO-2020-0017 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 https://www.cve.org/CVERecord?id=CVE-2020-26160
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.1	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.1	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.1	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.1	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
golang.org/x/crypto	CVE-2020-29652	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20201216223049-8b5274cf687f	https://access.redhat.com/security/cve/CVE-2020-29652 https://errata.almalinux.org/8/ALSA-2021-1796.html https://go-review.googlesource.com/c/crypto/+/278852 https://go.dev/cl/278852 https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8 https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 https://linux.oracle.com/cve/CVE-2020-29652.html https://linux.oracle.com/errata/ELSA-2021-1796.html https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2020-29652 https://pkg.go.dev/vuln/GO-2021-0227 https://www.cve.org/CVERecord?id=CVE-2020-29652
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20200622213623-75b288015ac9	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20200622213623-75b288015ac9	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20201110031124-69a78807bb2b	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20201110031124-69a78807bb2b	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20200930185726-fdedc70b468f	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.5	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.5	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.15.6	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.15.6	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.15.6	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.15.6	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-27918	HIGH	v1.15.6	1.15.9, 1.16.1	https://access.redhat.com/security/cve/CVE-2021-27918 https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw https://linux.oracle.com/cve/CVE-2021-27918.html https://linux.oracle.com/errata/ELSA-2021-9268.html https://nvd.nist.gov/vuln/detail/CVE-2021-27918 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-27918
stdlib	CVE-2021-33195	HIGH	v1.15.6	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
69 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_0.15 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/Masterminds/goutils	CVE-2021-4238	CRITICAL	v1.1.0	1.1.1	https://access.redhat.com/security/cve/CVE-2021-4238 https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/advisories/GHSA-3839-6r69-m497 https://nvd.nist.gov/vuln/detail/CVE-2021-4238 https://pkg.go.dev/vuln/GO-2022-0411 https://www.cve.org/CVERecord?id=CVE-2021-4238
github.com/Masterminds/goutils	GHSA-xg2h-wx96-xgxr	LOW	v1.1.0	1.1.1	https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982 https://github.com/Masterminds/goutils/releases/tag/v1.1.1 https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.2	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.2	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.2	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210403161142-5e06dd20ab57	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.5	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.5	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.16.4	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.4	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.4	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.4	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-33195	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
stdlib	CVE-2021-33196	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/security/cve/CVE-2021-33196 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33196.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2021-33196 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-33196
66 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_0.15.5 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/Masterminds/goutils	CVE-2021-4238	CRITICAL	v1.1.0	1.1.1	https://access.redhat.com/security/cve/CVE-2021-4238 https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/advisories/GHSA-3839-6r69-m497 https://nvd.nist.gov/vuln/detail/CVE-2021-4238 https://pkg.go.dev/vuln/GO-2022-0411 https://www.cve.org/CVERecord?id=CVE-2021-4238
github.com/Masterminds/goutils	GHSA-xg2h-wx96-xgxr	LOW	v1.1.0	1.1.1	https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982 https://github.com/Masterminds/goutils/releases/tag/v1.1.1 https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.2	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.2	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.2	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210403161142-5e06dd20ab57	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.5	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.5	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.16.4	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.4	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.4	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.4	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-33195	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
stdlib	CVE-2021-33196	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/security/cve/CVE-2021-33196 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33196.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2021-33196 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-33196
66 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_1.0 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/Masterminds/goutils	CVE-2021-4238	CRITICAL	v1.1.0	1.1.1	https://access.redhat.com/security/cve/CVE-2021-4238 https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/advisories/GHSA-3839-6r69-m497 https://nvd.nist.gov/vuln/detail/CVE-2021-4238 https://pkg.go.dev/vuln/GO-2022-0411 https://www.cve.org/CVERecord?id=CVE-2021-4238
github.com/Masterminds/goutils	GHSA-xg2h-wx96-xgxr	LOW	v1.1.0	1.1.1	https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982 https://github.com/Masterminds/goutils/releases/tag/v1.1.1 https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.2	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.2	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.2	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
go.etcd.io/etcd	CVE-2020-15114	HIGH	v0.5.0-alpha.5.0.20210428180535-15715dcf1ace	3.4.10, 3.3.23	https://access.redhat.com/security/cve/CVE-2020-15114 https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://nvd.nist.gov/vuln/detail/CVE-2020-15114 https://ubuntu.com/security/notices/USN-5628-1 https://ubuntu.com/security/notices/USN-5628-2 https://www.cve.org/CVERecord?id=CVE-2020-15114
go.etcd.io/etcd	CVE-2018-1099	MEDIUM	v0.5.0-alpha.5.0.20210428180535-15715dcf1ace	3.4.0	https://access.redhat.com/security/cve/CVE-2018-1099 https://bugzilla.redhat.com/show_bug.cgi?id=1552717 https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56 https://github.com/coreos/etcd/issues/9353 https://github.com/etcd-io/etcd/issues/10479 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS https://nvd.nist.gov/vuln/detail/CVE-2018-1099 https://www.cve.org/CVERecord?id=CVE-2018-1099
go.etcd.io/etcd	CVE-2020-15136	MEDIUM	v0.5.0-alpha.5.0.20210428180535-15715dcf1ace	3.4.10, 3.3.23	https://access.redhat.com/security/cve/CVE-2020-15136 https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://nvd.nist.gov/vuln/detail/CVE-2020-15136 https://www.cve.org/CVERecord?id=CVE-2020-15136
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210614182718-04defd469f4e	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210423082822-04245dca01da	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.6	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.6	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.16.4	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.4	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.4	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.4	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-33195	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
67 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_1.0.10 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/Masterminds/goutils	CVE-2021-4238	CRITICAL	v1.1.0	1.1.1	https://access.redhat.com/security/cve/CVE-2021-4238 https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/advisories/GHSA-3839-6r69-m497 https://nvd.nist.gov/vuln/detail/CVE-2021-4238 https://pkg.go.dev/vuln/GO-2022-0411 https://www.cve.org/CVERecord?id=CVE-2021-4238
github.com/Masterminds/goutils	GHSA-xg2h-wx96-xgxr	LOW	v1.1.0	1.1.1	https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982 https://github.com/Masterminds/goutils/releases/tag/v1.1.1 https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.2	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.2	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.2	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
go.etcd.io/etcd	CVE-2020-15114	HIGH	v0.5.0-alpha.5.0.20210428180535-15715dcf1ace	3.4.10, 3.3.23	https://access.redhat.com/security/cve/CVE-2020-15114 https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://nvd.nist.gov/vuln/detail/CVE-2020-15114 https://ubuntu.com/security/notices/USN-5628-1 https://ubuntu.com/security/notices/USN-5628-2 https://www.cve.org/CVERecord?id=CVE-2020-15114
go.etcd.io/etcd	CVE-2018-1099	MEDIUM	v0.5.0-alpha.5.0.20210428180535-15715dcf1ace	3.4.0	https://access.redhat.com/security/cve/CVE-2018-1099 https://bugzilla.redhat.com/show_bug.cgi?id=1552717 https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56 https://github.com/coreos/etcd/issues/9353 https://github.com/etcd-io/etcd/issues/10479 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS https://nvd.nist.gov/vuln/detail/CVE-2018-1099 https://www.cve.org/CVERecord?id=CVE-2018-1099
go.etcd.io/etcd	CVE-2020-15136	MEDIUM	v0.5.0-alpha.5.0.20210428180535-15715dcf1ace	3.4.10, 3.3.23	https://access.redhat.com/security/cve/CVE-2020-15136 https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://nvd.nist.gov/vuln/detail/CVE-2020-15136 https://www.cve.org/CVERecord?id=CVE-2020-15136
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210614182718-04defd469f4e	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210614182718-04defd469f4e	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210423082822-04245dca01da	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.6	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.6	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.16.4	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.4	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.4	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.4	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-33195	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
67 other vulnerabilities found...
No Misconfigurations found

usr/bin/terraform_1.0.2 (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/Masterminds/goutils	CVE-2021-4238	CRITICAL	v1.1.0	1.1.1	https://access.redhat.com/security/cve/CVE-2021-4238 https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/advisories/GHSA-3839-6r69-m497 https://nvd.nist.gov/vuln/detail/CVE-2021-4238 https://pkg.go.dev/vuln/GO-2022-0411 https://www.cve.org/CVERecord?id=CVE-2021-4238
github.com/Masterminds/goutils	GHSA-xg2h-wx96-xgxr	LOW	v1.1.0	1.1.1	https://github.com/Masterminds/goutils https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982 https://github.com/Masterminds/goutils/releases/tag/v1.1.1 https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr
github.com/gogo/protobuf	CVE-2021-3121	HIGH	v1.2.2-0.20190723190241-65acae22fc9d	1.3.2	https://access.redhat.com/security/cve/CVE-2021-3121 https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3121 https://pkg.go.dev/vuln/GO-2021-0053 https://security.netapp.com/advisory/ntap-20210219-0006 https://security.netapp.com/advisory/ntap-20210219-0006/ https://www.cve.org/CVERecord?id=CVE-2021-3121
github.com/hashicorp/consul	CVE-2019-9764	HIGH	v0.0.0-20171026175957-610f3c86a089	1.4.4	https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40 https://github.com/hashicorp/consul/issues/5519 https://nvd.nist.gov/vuln/detail/CVE-2019-9764
github.com/hashicorp/consul	CVE-2020-7219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.6.3	https://access.redhat.com/security/cve/CVE-2020-7219 https://github.com/hashicorp/consul/issues/7159 https://nvd.nist.gov/vuln/detail/CVE-2020-7219 https://www.cve.org/CVERecord?id=CVE-2020-7219 https://www.hashicorp.com/blog/category/consul https://www.hashicorp.com/blog/category/consul/
github.com/hashicorp/consul	CVE-2021-32574	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32574 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-36213	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.1	https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/releases/tag/v1.10.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36213 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-37219	HIGH	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://access.redhat.com/security/cve/CVE-2021-37219 https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0 https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1 https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103 https://github.com/hashicorp/consul/pull/10925 https://nvd.nist.gov/vuln/detail/CVE-2021-37219 https://security.gentoo.org/glsa/202207-01 https://www.cve.org/CVERecord?id=CVE-2021-37219 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-29153	HIGH	v0.0.0-20171026175957-610f3c86a089	1.9.17, 1.10.10, 1.11.5	https://access.redhat.com/security/cve/CVE-2022-29153 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://github.com/advisories/GHSA-q6h7-4qgw-2j9p https://github.com/hashicorp/consul https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH https://nvd.nist.gov/vuln/detail/CVE-2022-29153 https://security.gentoo.org/glsa/202208-09 https://security.netapp.com/advisory/ntap-20220602-0005 https://security.netapp.com/advisory/ntap-20220602-0005/ https://www.cve.org/CVERecord?id=CVE-2022-29153
github.com/hashicorp/consul	CVE-2020-25864	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.9.5, 1.8.10, 1.7.14	https://access.redhat.com/security/cve/CVE-2020-25864 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10023 https://nvd.nist.gov/vuln/detail/CVE-2020-25864 https://security.gentoo.org/glsa/202208-09 https://www.cve.org/CVERecord?id=CVE-2020-25864 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2021-38698	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.10.2, 1.9.9, 1.8.15	https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/pull/10824 https://nvd.nist.gov/vuln/detail/CVE-2021-38698 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul
github.com/hashicorp/consul	CVE-2022-40716	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.11.9, 1.12.5, 1.13.2	https://access.redhat.com/security/cve/CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628/1 https://github.com/hashicorp/consul https://github.com/hashicorp/consul/commit/8f6fb4f6fe9488b8ec37da71ac503081d7d3760b https://github.com/hashicorp/consul/pull/14579 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI https://nvd.nist.gov/vuln/detail/CVE-2022-40716 https://www.cve.org/CVERecord?id=CVE-2022-40716
github.com/hashicorp/consul	CVE-2023-1297	MEDIUM	v0.0.0-20171026175957-610f3c86a089	1.14.5, 1.15.3	https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 https://github.com/hashicorp/consul https://nvd.nist.gov/vuln/detail/CVE-2023-1297
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.2	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.2	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.2	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.2	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.5.2	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
github.com/hashicorp/go-slug	CVE-2020-29529	HIGH	v0.4.1	0.5.0	https://access.redhat.com/security/cve/CVE-2020-29529 https://github.com/hashicorp/go-slug https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f https://github.com/hashicorp/go-slug/commit/764785bc4cbb9e600ad1cf1a6bd21b535c182983 https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 https://github.com/hashicorp/go-slug/pull/12 https://github.com/hashicorp/go-slug/releases/tag/v0.5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-29529 https://pkg.go.dev/vuln/GO-2021-0094 https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug https://www.cve.org/CVERecord?id=CVE-2020-29529
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2021-33194	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210520170846-37e1c6afe023	https://access.redhat.com/security/cve/CVE-2021-33194 https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 https://go.dev/cl/311090 https://go.dev/issue/46288 https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM https://nvd.nist.gov/vuln/detail/CVE-2021-33194 https://pkg.go.dev/vuln/GO-2021-0238 https://www.cve.org/CVERecord?id=CVE-2021-33194
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210226172049-e18ecbb05110	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2021-31525	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.0.0-20210428140749-89ef3d95e781	https://access.redhat.com/security/cve/CVE-2021-31525 https://github.com/golang/go https://github.com/golang/go/issues/45710 https://go.dev/cl/313069 https://go.dev/issue/45710 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc https://linux.oracle.com/cve/CVE-2021-31525.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF https://nvd.nist.gov/vuln/detail/CVE-2021-31525 https://pkg.go.dev/vuln/GO-2022-0236 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-31525
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210226172049-e18ecbb05110	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210403161142-5e06dd20ab57	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2021-38561	HIGH	v0.3.5	0.3.7	https://access.redhat.com/security/cve/CVE-2021-38561 https://deps.dev/advisory/OSV/GO-2021-0113 https://go.dev/cl/340830 https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f https://groups.google.com/g/golang-announce https://nvd.nist.gov/vuln/detail/CVE-2021-38561 https://pkg.go.dev/golang.org/x/text/language https://pkg.go.dev/vuln/GO-2021-0113 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2021-38561
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.5	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.27.1	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.27.1	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.25.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
k8s.io/apimachinery	GHSA-74fp-r6jw-h4mp	HIGH	v0.0.0-20190913080033-27d36303b655	0.0.0-20190927203648-9ce6eca90e73	https://github.com/advisories/GHSA-pmqp-h87c-mr78 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/83253 https://github.com/kubernetes/kubernetes/pull/83261 https://groups.google.com/g/kubernetes-security-announce/c/jk8polzSUxs https://nvd.nist.gov/vuln/detail/CVE-2019-11253 https://pkg.go.dev/vuln/GO-2022-0965 https://stackoverflow.com/questions/58129150/security-yaml-bomb-user-can-restart-kube-api-by-sending-configmap
k8s.io/apimachinery	CVE-2020-8559	MEDIUM	v0.0.0-20190913080033-27d36303b655	0.16.13, 0.17.9, 0.18.7	https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/issues/92914 https://github.com/kubernetes/kubernetes/pull/92941 https://github.com/tdwyer/CVE-2020-8559 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs https://linux.oracle.com/cve/CVE-2020-8559.html https://linux.oracle.com/errata/ELSA-2020-5767.html https://nvd.nist.gov/vuln/detail/CVE-2020-8559 https://security.netapp.com/advisory/ntap-20200810-0004 https://security.netapp.com/advisory/ntap-20200810-0004/ https://www.cve.org/CVERecord?id=CVE-2020-8559 https://www.cve.org/cverecord?id=CVE-2020-8559
k8s.io/client-go	CVE-2019-11250	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.17.0	http://www.openwall.com/lists/oss-security/2020/10/16/2 https://access.redhat.com/errata/RHSA-2019:4052 https://access.redhat.com/errata/RHSA-2019:4087 https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://access.redhat.com/security/cve/CVE-2019-11250 https://github.com/kubernetes/kubernetes https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 https://github.com/kubernetes/kubernetes/issues/81114 https://github.com/kubernetes/kubernetes/pull/81330 https://nvd.nist.gov/vuln/detail/CVE-2019-11250 https://pkg.go.dev/vuln/GO-2021-0065 https://security.netapp.com/advisory/ntap-20190919-0003 https://security.netapp.com/advisory/ntap-20190919-0003/ https://www.cve.org/CVERecord?id=CVE-2019-11250 https://www.cve.org/cverecord?id=CVE-2019-11250
k8s.io/client-go	CVE-2020-8565	MEDIUM	v0.0.0-20190620085101-78d2af792bab	0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16	https://access.redhat.com/security/cve/CVE-2020-8565 https://github.com/kubernetes/client-go https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 https://github.com/kubernetes/kubernetes/issues/95623 https://github.com/kubernetes/kubernetes/pull/95316 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://pkg.go.dev/vuln/GO-2021-0064 https://www.cve.org/CVERecord?id=CVE-2020-8565 https://www.cve.org/cverecord?id=CVE-2020-8565
stdlib	CVE-2022-23806	CRITICAL	v1.16.4	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.4	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.4	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.4	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-33195	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2021-33195 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://errata.almalinux.org/9/ALSA-2022-8008.html https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33195.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://nvd.nist.gov/vuln/detail/CVE-2021-33195 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20210902-0005/ https://www.cve.org/CVERecord?id=CVE-2021-33195
stdlib	CVE-2021-33196	HIGH	v1.16.4	1.15.13, 1.16.5	https://access.redhat.com/security/cve/CVE-2021-33196 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI https://linux.oracle.com/cve/CVE-2021-33196.html https://linux.oracle.com/errata/ELSA-2021-3076.html https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2021-33196 https://security.gentoo.org/glsa/202208-02 https://www.cve.org/CVERecord?id=CVE-2021-33196
66 other vulnerabilities found...
No Misconfigurations found

usr/bin/terragrunt (gobinary)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/hashicorp/go-getter	CVE-2022-26945	CRITICAL	v1.5.7	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-26945 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://nvd.nist.gov/vuln/detail/CVE-2022-26945 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-26945
github.com/hashicorp/go-getter	CVE-2022-30321	HIGH	v1.5.7	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30321 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30321 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30321
github.com/hashicorp/go-getter	CVE-2022-30322	HIGH	v1.5.7	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30322 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30322 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30322
github.com/hashicorp/go-getter	CVE-2022-30323	HIGH	v1.5.7	1.6.1, 2.1.0	https://access.redhat.com/security/cve/CVE-2022-30323 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/ https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 https://github.com/hashicorp/go-getter/pull/359 https://github.com/hashicorp/go-getter/pull/361 https://github.com/hashicorp/go-getter/releases https://nvd.nist.gov/vuln/detail/CVE-2022-30323 https://pkg.go.dev/vuln/GO-2022-0586 https://www.cve.org/CVERecord?id=CVE-2022-30323
github.com/hashicorp/go-getter	CVE-2024-6257	HIGH	v1.5.7	1.7.5	https://access.redhat.com/security/cve/CVE-2024-6257 https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 https://github.com/advisories/GHSA-xfhp-jf8p-mh5w https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9 https://nvd.nist.gov/vuln/detail/CVE-2024-6257 https://www.cve.org/CVERecord?id=CVE-2024-6257
github.com/hashicorp/go-getter	CVE-2022-29810	MEDIUM	v1.5.7	1.5.11	https://access.redhat.com/security/cve/CVE-2022-29810 https://github.com/golang/vulndb/issues/438 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11 https://nvd.nist.gov/vuln/detail/CVE-2022-29810 https://pkg.go.dev/vuln/GO-2022-0438 https://www.cve.org/CVERecord?id=CVE-2022-29810
github.com/hashicorp/go-getter	CVE-2023-0475	MEDIUM	v1.5.7	1.7.0	https://access.redhat.com/security/cve/CVE-2023-0475 https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/0edab85348271c843782993345b07b1ac98912e6 https://github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc https://nvd.nist.gov/vuln/detail/CVE-2023-0475 https://www.cve.org/CVERecord?id=CVE-2023-0475
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	MEDIUM	v0.6.7	0.7.7	https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://discuss.hashicorp.com/c/security https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027 https://errata.almalinux.org/9/ALSA-2024-9115.html https://github.com/advisories/GHSA-v6v8-xj6m-xwqh https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a https://linux.oracle.com/cve/CVE-2024-6104.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-6104 https://www.cve.org/CVERecord?id=CVE-2024-6104
go.mozilla.org/sops/v3	GHSA-x5c7-x7m2-rhmf	LOW	v3.7.0	3.7.1	https://github.com/mozilla/sops/security/advisories/GHSA-x5c7-x7m2-rhmf
golang.org/x/crypto	CVE-2021-43565	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	https://access.redhat.com/security/cve/CVE-2021-43565 https://go.dev/cl/368814 https://go.dev/issues/49932 https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://nvd.nist.gov/vuln/detail/CVE-2021-43565 https://pkg.go.dev/vuln/GO-2022-0968 https://www.cve.org/CVERecord?id=CVE-2021-43565
golang.org/x/crypto	CVE-2022-27191	HIGH	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	https://access.redhat.com/errata/RHSA-2022:8008 https://access.redhat.com/security/cve/CVE-2022-27191 https://bugzilla.redhat.com/1939485 https://bugzilla.redhat.com/1989564 https://bugzilla.redhat.com/1989570 https://bugzilla.redhat.com/1989575 https://bugzilla.redhat.com/2064702 https://bugzilla.redhat.com/2121445 https://bugzilla.redhat.com/2121453 https://cs.opensource.google/go/x/crypto https://errata.almalinux.org/9/ALSA-2022-8008.html https://go.dev/cl/392355 https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ https://linux.oracle.com/cve/CVE-2022-27191.html https://linux.oracle.com/errata/ELSA-2022-8008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-27191 https://pkg.go.dev/vuln/GO-2021-0356 https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml https://security.netapp.com/advisory/ntap-20220429-0002 https://security.netapp.com/advisory/ntap-20220429-0002/ https://www.cve.org/CVERecord?id=CVE-2022-27191
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt
golang.org/x/net	CVE-2022-27664	HIGH	v0.0.0-20210813160813-60bc85c4be6d	0.0.0-20220906165146-f3363e06e74c	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
golang.org/x/net	CVE-2022-41723	HIGH	v0.0.0-20210813160813-60bc85c4be6d	0.7.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://linux.oracle.com/cve/CVE-2022-41723.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://pkg.go.dev/vuln/GO-2023-1571 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://vuln.go.dev/ID/GO-2023-1571.json https://www.couchbase.com/alerts https://www.couchbase.com/alerts/ https://www.cve.org/CVERecord?id=CVE-2022-41723
golang.org/x/net	CVE-2023-39325	HIGH	v0.0.0-20210813160813-60bc85c4be6d	0.17.0	golang.org/x/net https://access.redhat.com/errata/RHSA-2023:6077 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://errata.almalinux.org/9/ALSA-2023-6077.html https://errata.rockylinux.org/RLSA-2023:6077 https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21] https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20] https://github.com/golang/go/issues/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://linux.oracle.com/cve/CVE-2023-39325.html https://linux.oracle.com/errata/ELSA-2023-5867.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://pkg.go.dev/vuln/GO-2023-2102 https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231110-0008 https://security.netapp.com/advisory/ntap-20231110-0008/ https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-7061-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-39325
golang.org/x/net	CVE-2022-41717	MEDIUM	v0.0.0-20210813160813-60bc85c4be6d	0.4.0	https://access.redhat.com/errata/RHSA-2023:6420 https://access.redhat.com/security/cve/CVE-2022-41717 https://bugzilla.redhat.com/2131146 https://bugzilla.redhat.com/2131147 https://bugzilla.redhat.com/2131148 https://bugzilla.redhat.com/2138014 https://bugzilla.redhat.com/2138015 https://bugzilla.redhat.com/2148252 https://bugzilla.redhat.com/2158420 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/2184483 https://cs.opensource.google/go/x/net https://errata.almalinux.org/9/ALSA-2023-6420.html https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://linux.oracle.com/cve/CVE-2022-41717.html https://linux.oracle.com/errata/ELSA-2023-6420.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://nvd.nist.gov/vuln/detail/CVE-2022-41717 https://pkg.go.dev/vuln/GO-2022-1144 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-41717
golang.org/x/net	CVE-2023-3978	MEDIUM	v0.0.0-20210813160813-60bc85c4be6d	0.13.0	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-3978 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://go.dev/cl/514896 https://go.dev/issue/61615 https://linux.oracle.com/cve/CVE-2023-3978.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-3978 https://pkg.go.dev/vuln/GO-2023-1988 https://www.cve.org/CVERecord?id=CVE-2023-3978
golang.org/x/net	CVE-2023-44487	MEDIUM	v0.0.0-20210813160813-60bc85c4be6d	0.17.0	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.0.0-20210813160813-60bc85c4be6d	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:2724 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/sys	CVE-2022-29526	MEDIUM	v0.0.0-20210823070655-63515b42dcdf	0.0.0-20220412211240-33da011f77ad	https://access.redhat.com/security/cve/CVE-2022-29526 https://github.com/golang/go https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c https://github.com/golang/go/issues/52313 https://go.dev/cl/399539 https://go.dev/cl/400074 https://go.dev/issue/52313 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU https://linux.oracle.com/cve/CVE-2022-29526.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR https://nvd.nist.gov/vuln/detail/CVE-2022-29526 https://pkg.go.dev/vuln/GO-2022-0493 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220729-0001 https://security.netapp.com/advisory/ntap-20220729-0001/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-29526
golang.org/x/text	CVE-2022-32149	HIGH	v0.3.7	0.3.8	https://access.redhat.com/security/cve/CVE-2022-32149 https://github.com/golang/go/issues/56152 https://github.com/golang/text https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://groups.google.com/g/golang-dev/c/qfPIly0X7aU https://nvd.nist.gov/vuln/detail/CVE-2022-32149 https://pkg.go.dev/vuln/GO-2022-1059 https://ubuntu.com/security/notices/USN-5873-1 https://www.cve.org/CVERecord?id=CVE-2022-32149
google.golang.org/grpc	GHSA-m425-mq94-257g	HIGH	v1.40.0	1.56.3, 1.57.1, 1.58.3	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g https://nvd.nist.gov/vuln/detail/CVE-2023-44487
google.golang.org/grpc	CVE-2023-44487	MEDIUM	v1.40.0	1.58.3, 1.57.1, 1.56.3	http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/errata/RHSA-2023:6746 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/cve-2023-44487 https://akka.io/security/akka-http-cve-2023-44487.html https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011 https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487 https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://chaos.social/@icing/111210915918780532 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487 https://devblogs.microsoft.com/dotnet/october-2023-updates/ https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://errata.almalinux.org/9/ALSA-2023-6746.html https://errata.rockylinux.org/RLSA-2023:5838 https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/akka/akka-http/pull/4324 https://github.com/akka/akka-http/pull/4325 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/apple/swift-nio-http2 https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/grpc/grpc-go/releases https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/hyperium/hyper/issues/3337 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://istio.io/latest/news/security/istio-security-2023-004 https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487 https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://linux.oracle.com/cve/CVE-2023-44487.html https://linux.oracle.com/errata/ELSA-2024-1444.html https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4 https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2 https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://pkg.go.dev/vuln/GO-2023-2102 https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007 https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007 https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81 https://ubuntu.com/security/CVE-2023-44487 https://ubuntu.com/security/notices/USN-6427-1 https://ubuntu.com/security/notices/USN-6427-2 https://ubuntu.com/security/notices/USN-6438-1 https://ubuntu.com/security/notices/USN-6505-1 https://ubuntu.com/security/notices/USN-6574-1 https://ubuntu.com/security/notices/USN-6754-1 https://ubuntu.com/security/notices/USN-6994-1 https://ubuntu.com/security/notices/USN-7067-1 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.eclipse.org/lists/jetty-announce/msg00181.html https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.mail-archive.com/haproxy@formilux.org/msg44134.html https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.27.1	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
gopkg.in/square/go-jose.v2	CVE-2024-28180	MEDIUM	v2.5.1	no fix available	https://access.redhat.com/errata/RHSA-2024:3827 https://access.redhat.com/security/cve/CVE-2024-28180 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268820 https://bugzilla.redhat.com/2268854 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268820 https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28176 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180 https://errata.almalinux.org/9/ALSA-2024-3827.html https://errata.rockylinux.org/RLSA-2024:3827 https://github.com/go-jose/go-jose https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502 https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://linux.oracle.com/cve/CVE-2024-28180.html https://linux.oracle.com/errata/ELSA-2024-3968.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/ https://nvd.nist.gov/vuln/detail/CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180
gopkg.in/yaml.v3	CVE-2022-28948	HIGH	v3.0.0-20210107172259-749611fa9fcc	3.0.0-20220521103104-8f96da9f5d5e	https://access.redhat.com/security/cve/CVE-2022-28948 https://github.com/advisories/GHSA-hp87-p4gw-j4gq https://github.com/go-yaml/yaml https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754 https://github.com/go-yaml/yaml/issues/666 https://github.com/go-yaml/yaml/issues/666#issuecomment-1133337993 https://nvd.nist.gov/vuln/detail/CVE-2022-28948 https://security.netapp.com/advisory/ntap-20220923-0006 https://security.netapp.com/advisory/ntap-20220923-0006/ https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV2-2840885 https://www.cve.org/CVERecord?id=CVE-2022-28948
stdlib	CVE-2022-23806	CRITICAL	v1.16.5	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23806 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23806.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-23806 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23806 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2023-24538	CRITICAL	v1.16.5	1.19.8, 1.20.3	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) https://github.com/golang/go/issues/59234 https://go.dev/cl/482079 https://go.dev/issue/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://linux.oracle.com/cve/CVE-2023-24538.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://pkg.go.dev/vuln/GO-2023-1703 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://ubuntu.com/security/notices/USN-6140-1 https://ubuntu.com/security/notices/USN-7061-1 https://www.cve.org/CVERecord?id=CVE-2023-24538
stdlib	CVE-2023-24540	CRITICAL	v1.16.5	1.19.9, 1.20.4	https://access.redhat.com/errata/RHSA-2023:6474 https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/2174485 https://bugzilla.redhat.com/2178358 https://bugzilla.redhat.com/2178488 https://bugzilla.redhat.com/2178492 https://bugzilla.redhat.com/2184481 https://bugzilla.redhat.com/2184482 https://bugzilla.redhat.com/2184483 https://bugzilla.redhat.com/2184484 https://bugzilla.redhat.com/2196026 https://bugzilla.redhat.com/2196027 https://bugzilla.redhat.com/2196029 https://bugzilla.redhat.com/2222167 https://bugzilla.redhat.com/2228689 https://errata.almalinux.org/9/ALSA-2023-6474.html https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) https://github.com/golang/go/issues/59721 https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://linux.oracle.com/cve/CVE-2023-24540.html https://linux.oracle.com/errata/ELSA-2023-6939.html https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://pkg.go.dev/vuln/GO-2023-1752 https://ubuntu.com/security/notices/USN-6140-1 https://www.cve.org/CVERecord?id=CVE-2023-24540
stdlib	CVE-2024-24790	CRITICAL	v1.16.5	1.21.11, 1.22.4	http://www.openwall.com/lists/oss-security/2024/06/04/1 https://access.redhat.com/errata/RHSA-2024:9115 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2292668 https://bugzilla.redhat.com/2292787 https://bugzilla.redhat.com/2294000 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790 https://errata.almalinux.org/9/ALSA-2024-9115.html https://errata.rockylinux.org/RLSA-2024:4212 https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21) https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22) https://github.com/golang/go/issues/67680 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://linux.oracle.com/cve/CVE-2024-24790.html https://linux.oracle.com/errata/ELSA-2024-9115.html https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://pkg.go.dev/vuln/GO-2024-2887 https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://www.cve.org/CVERecord?id=CVE-2024-24790
stdlib	CVE-2021-39293	HIGH	v1.16.5	1.16.8, 1.17.1	https://access.redhat.com/security/cve/CVE-2021-39293 https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/dx9d7IOseHw https://linux.oracle.com/cve/CVE-2021-39293.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2021-39293 https://security.netapp.com/advisory/ntap-20220217-0009/ https://www.cve.org/CVERecord?id=CVE-2021-39293
stdlib	CVE-2021-41771	HIGH	v1.16.5	1.16.10, 1.17.3	https://access.redhat.com/security/cve/CVE-2021-41771 https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/0fM21h43arc https://linux.oracle.com/cve/CVE-2021-41771.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/ https://nvd.nist.gov/vuln/detail/CVE-2021-41771 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20211210-0003/ https://www.cve.org/CVERecord?id=CVE-2021-41771 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2021-41772	HIGH	v1.16.5	1.16.10, 1.17.3	https://access.redhat.com/security/cve/CVE-2021-41772 https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/0fM21h43arc https://linux.oracle.com/cve/CVE-2021-41772.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/ https://nvd.nist.gov/vuln/detail/CVE-2021-41772 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20211210-0003/ https://www.cve.org/CVERecord?id=CVE-2021-41772 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2021-44716	HIGH	v1.16.5	1.16.12, 1.17.5	https://access.redhat.com/security/cve/CVE-2021-44716 https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5) https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70 https://go.dev/cl/369794 https://go.dev/issue/50058 https://groups.google.com/g/golang-announce/c/hcmEScgc00k https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ https://linux.oracle.com/cve/CVE-2021-44716.html https://linux.oracle.com/errata/ELSA-2022-0001.html https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2021-44716 https://pkg.go.dev/vuln/GO-2022-0288 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220121-0002 https://security.netapp.com/advisory/ntap-20220121-0002/ https://www.cve.org/CVERecord?id=CVE-2021-44716
stdlib	CVE-2022-23772	HIGH	v1.16.5	1.16.14, 1.17.7	https://access.redhat.com/security/cve/CVE-2022-23772 https://errata.almalinux.org/8/ALSA-2022-1819.html https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://linux.oracle.com/cve/CVE-2022-23772.html https://linux.oracle.com/errata/ELSA-2022-1819.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://nvd.nist.gov/vuln/detail/CVE-2022-23772 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220225-0006/ https://www.cve.org/CVERecord?id=CVE-2022-23772 https://www.oracle.com/security-alerts/cpujul2022.html
stdlib	CVE-2022-24675	HIGH	v1.16.5	1.17.9, 1.18.1	https://access.redhat.com/security/cve/CVE-2022-24675 https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://go.dev/issue/51853 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/oecdBNLOml8 https://linux.oracle.com/cve/CVE-2022-24675.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://nvd.nist.gov/vuln/detail/CVE-2022-24675 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220915-0010/ https://www.cve.org/CVERecord?id=CVE-2022-24675
stdlib	CVE-2022-24921	HIGH	v1.16.5	1.16.15, 1.17.8	https://access.redhat.com/security/cve/CVE-2022-24921 https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk https://linux.oracle.com/cve/CVE-2022-24921.html https://linux.oracle.com/errata/ELSA-2022-9363.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov/vuln/detail/CVE-2022-24921 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220325-0010/ https://www.cve.org/CVERecord?id=CVE-2022-24921
stdlib	CVE-2022-27664	HIGH	v1.16.5	1.18.6, 1.19.1	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-27664 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=1913333 https://bugzilla.redhat.com/show_bug.cgi?id=1913338 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 https://bugzilla.redhat.com/show_bug.cgi?id=2124669 https://cs.opensource.google/go/x/net https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:7129 https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) https://github.com/golang/go/issues/54658 https://go.dev/cl/428735 https://go.dev/issue/54658 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ https://linux.oracle.com/cve/CVE-2022-27664.html https://linux.oracle.com/errata/ELSA-2024-0121.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX https://nvd.nist.gov/vuln/detail/CVE-2022-27664 https://pkg.go.dev/vuln/GO-2022-0969 https://security.gentoo.org/glsa/202209-26 https://security.netapp.com/advisory/ntap-20220923-0004 https://security.netapp.com/advisory/ntap-20220923-0004/ https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-27664
stdlib	CVE-2022-28131	HIGH	v1.16.5	1.17.12, 1.18.4	https://access.redhat.com/errata/RHSA-2022:8057 https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/2044628 https://bugzilla.redhat.com/2045880 https://bugzilla.redhat.com/2050648 https://bugzilla.redhat.com/2050742 https://bugzilla.redhat.com/2050743 https://bugzilla.redhat.com/2065290 https://bugzilla.redhat.com/2107342 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107376 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2107390 https://bugzilla.redhat.com/2107392 https://bugzilla.redhat.com/show_bug.cgi?id=2044628 https://bugzilla.redhat.com/show_bug.cgi?id=2045880 https://bugzilla.redhat.com/show_bug.cgi?id=2050648 https://bugzilla.redhat.com/show_bug.cgi?id=2050742 https://bugzilla.redhat.com/show_bug.cgi?id=2050743 https://bugzilla.redhat.com/show_bug.cgi?id=2055349 https://bugzilla.redhat.com/show_bug.cgi?id=2065290 https://bugzilla.redhat.com/show_bug.cgi?id=2104367 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://errata.almalinux.org/9/ALSA-2022-8057.html https://errata.rockylinux.org/RLSA-2022:8057 https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96 https://go.dev/cl/417062 https://go.dev/issue/53614 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://linux.oracle.com/cve/CVE-2022-28131.html https://linux.oracle.com/errata/ELSA-2023-2802.html https://nvd.nist.gov/vuln/detail/CVE-2022-28131 https://pkg.go.dev/vuln/GO-2022-0521 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-28131
stdlib	CVE-2022-28327	HIGH	v1.16.5	1.17.9, 1.18.1	https://access.redhat.com/security/cve/CVE-2022-28327 https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://go.dev/issue/52075 https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/oecdBNLOml8 https://linux.oracle.com/cve/CVE-2022-28327.html https://linux.oracle.com/errata/ELSA-2022-5337.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://nvd.nist.gov/vuln/detail/CVE-2022-28327 https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220915-0010/ https://www.cve.org/CVERecord?id=CVE-2022-28327
stdlib	CVE-2022-2879	HIGH	v1.16.5	1.18.7, 1.19.2	https://access.redhat.com/errata/RHSA-2023:2204 https://access.redhat.com/security/cve/CVE-2022-2879 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132867 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=2132867 https://bugzilla.redhat.com/show_bug.cgi?id=2132868 https://bugzilla.redhat.com/show_bug.cgi?id=2132872 https://bugzilla.redhat.com/show_bug.cgi?id=2149311 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715 https://errata.almalinux.org/9/ALSA-2023-2204.html https://errata.rockylinux.org/RLSA-2023:0328 https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7) https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2) https://github.com/golang/go/issues/54853 https://go.dev/cl/439355 https://go.dev/issue/54853 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1 https://linux.oracle.com/cve/CVE-2022-2879.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://nvd.nist.gov/vuln/detail/CVE-2022-2879 https://pkg.go.dev/vuln/GO-2022-1037 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-2879
stdlib	CVE-2022-2880	HIGH	v1.16.5	1.18.7, 1.19.2	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-2880 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=2132867 https://bugzilla.redhat.com/show_bug.cgi?id=2132868 https://bugzilla.redhat.com/show_bug.cgi?id=2132872 https://bugzilla.redhat.com/show_bug.cgi?id=2149311 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2023:0328 https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7) https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2) https://github.com/golang/go/issues/54663 https://go.dev/cl/432976 https://go.dev/issue/54663 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1 https://linux.oracle.com/cve/CVE-2022-2880.html https://linux.oracle.com/errata/ELSA-2024-3254.html https://nvd.nist.gov/vuln/detail/CVE-2022-2880 https://pkg.go.dev/vuln/GO-2022-1038 https://security.gentoo.org/glsa/202311-09 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-2880
stdlib	CVE-2022-29804	HIGH	v1.16.5	1.17.11, 1.18.3	https://go.dev/cl/401595 https://go.dev/issue/52476 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ https://linux.oracle.com/cve/CVE-2022-29804.html https://linux.oracle.com/errata/ELSA-2022-17957.html https://pkg.go.dev/vuln/GO-2022-0533
stdlib	CVE-2022-30580	HIGH	v1.16.5	1.17.11, 1.18.3	https://access.redhat.com/security/cve/CVE-2022-30580 https://go.dev/cl/403759 https://go.dev/issue/52574 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ https://linux.oracle.com/cve/CVE-2022-30580.html https://linux.oracle.com/errata/ELSA-2022-17957.html https://nvd.nist.gov/vuln/detail/CVE-2022-30580 https://pkg.go.dev/vuln/GO-2022-0532 https://www.cve.org/CVERecord?id=CVE-2022-30580
stdlib	CVE-2022-30630	HIGH	v1.16.5	1.17.12, 1.18.4	https://access.redhat.com/errata/RHSA-2024:2180 https://access.redhat.com/security/cve/CVE-2022-30630 https://bugzilla.redhat.com/2107342 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2253193 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://errata.almalinux.org/9/ALSA-2024-2180.html https://errata.rockylinux.org/RLSA-2022:8250 https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (1.18) https://go.dev/cl/417065 https://go.dev/issue/53415 https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://linux.oracle.com/cve/CVE-2022-30630.html https://linux.oracle.com/errata/ELSA-2024-2180.html https://nvd.nist.gov/vuln/detail/CVE-2022-30630 https://pkg.go.dev/vuln/GO-2022-0527 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-30630
stdlib	CVE-2022-30631	HIGH	v1.16.5	1.17.12, 1.18.4	https://access.redhat.com/errata/RHSA-2024:2180 https://access.redhat.com/security/cve/CVE-2022-30631 https://bugzilla.redhat.com/2107342 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2253193 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://errata.almalinux.org/9/ALSA-2024-2180.html https://errata.rockylinux.org/RLSA-2022:8250 https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (1.18) https://go.dev/cl/417067 https://go.dev/issue/53168 https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://linux.oracle.com/cve/CVE-2022-30631.html https://linux.oracle.com/errata/ELSA-2024-2180.html https://nvd.nist.gov/vuln/detail/CVE-2022-30631 https://pkg.go.dev/vuln/GO-2022-0524 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-30631
stdlib	CVE-2022-30632	HIGH	v1.16.5	1.17.12, 1.18.4	https://access.redhat.com/errata/RHSA-2024:2180 https://access.redhat.com/security/cve/CVE-2022-30632 https://bugzilla.redhat.com/2107342 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2253193 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://errata.almalinux.org/9/ALSA-2024-2180.html https://errata.rockylinux.org/RLSA-2022:8250 https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (1.18) https://go.dev/cl/417066 https://go.dev/issue/53416 https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://linux.oracle.com/cve/CVE-2022-30632.html https://linux.oracle.com/errata/ELSA-2024-2180.html https://nvd.nist.gov/vuln/detail/CVE-2022-30632 https://pkg.go.dev/vuln/GO-2022-0522 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-30632
stdlib	CVE-2022-30633	HIGH	v1.16.5	1.17.12, 1.18.4	https://access.redhat.com/errata/RHSA-2022:8057 https://access.redhat.com/security/cve/CVE-2022-30633 https://bugzilla.redhat.com/2044628 https://bugzilla.redhat.com/2045880 https://bugzilla.redhat.com/2050648 https://bugzilla.redhat.com/2050742 https://bugzilla.redhat.com/2050743 https://bugzilla.redhat.com/2065290 https://bugzilla.redhat.com/2107342 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107376 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2107390 https://bugzilla.redhat.com/2107392 https://bugzilla.redhat.com/show_bug.cgi?id=2044628 https://bugzilla.redhat.com/show_bug.cgi?id=2045880 https://bugzilla.redhat.com/show_bug.cgi?id=2050648 https://bugzilla.redhat.com/show_bug.cgi?id=2050742 https://bugzilla.redhat.com/show_bug.cgi?id=2050743 https://bugzilla.redhat.com/show_bug.cgi?id=2055349 https://bugzilla.redhat.com/show_bug.cgi?id=2065290 https://bugzilla.redhat.com/show_bug.cgi?id=2104367 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://errata.almalinux.org/9/ALSA-2022-8057.html https://errata.rockylinux.org/RLSA-2022:8057 https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (1.18) https://go.dev/cl/417061 https://go.dev/issue/53611 https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://linux.oracle.com/cve/CVE-2022-30633.html https://linux.oracle.com/errata/ELSA-2023-2802.html https://nvd.nist.gov/vuln/detail/CVE-2022-30633 https://pkg.go.dev/vuln/GO-2022-0523 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-30633
stdlib	CVE-2022-30634	HIGH	v1.16.5	1.17.11, 1.18.3	https://go.dev/cl/402257 https://go.dev/issue/52561 https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ https://linux.oracle.com/cve/CVE-2022-30634.html https://linux.oracle.com/errata/ELSA-2022-17957.html https://pkg.go.dev/vuln/GO-2022-0477
stdlib	CVE-2022-30635	HIGH	v1.16.5	1.17.12, 1.18.4	https://access.redhat.com/errata/RHSA-2023:2357 https://access.redhat.com/security/cve/CVE-2022-30635 https://bugzilla.redhat.com/2107371 https://bugzilla.redhat.com/2107374 https://bugzilla.redhat.com/2107383 https://bugzilla.redhat.com/2107386 https://bugzilla.redhat.com/2107388 https://bugzilla.redhat.com/2113814 https://bugzilla.redhat.com/2124669 https://bugzilla.redhat.com/2132868 https://bugzilla.redhat.com/2132872 https://bugzilla.redhat.com/2161274 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 https://errata.almalinux.org/9/ALSA-2023-2357.html https://errata.rockylinux.org/RLSA-2022:8250 https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (1.18) https://go.dev/cl/417064 https://go.dev/issue/53615 https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://linux.oracle.com/cve/CVE-2022-30635.html https://linux.oracle.com/errata/ELSA-2023-2802.html https://nvd.nist.gov/vuln/detail/CVE-2022-30635 https://pkg.go.dev/vuln/GO-2022-0526 https://ubuntu.com/security/notices/USN-6038-1 https://ubuntu.com/security/notices/USN-6038-2 https://www.cve.org/CVERecord?id=CVE-2022-30635
44 other vulnerabilities found...
No Misconfigurations found