CVE-2021-31525

Published May 27th, 2021

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

2.6

LOW

Affected

PROJECT

Description

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

golang/go

The Go programming language

GitHub

135K