Fetch CVE-2022-27664 #115

Open
trsreagan3 opened this issue Apr 11, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@trsreagan3

  • This scan was run against version 0.4.2, as that is what is installed by gruntwork-installer. If this has been patched in one of the recent releases, this can be closed.
  • CVE-2022-27664
  • Installed version: 1.16.2
    Patched version: 1.18.6
    Paths: /usr/local/bin/fetch
  • Description
    In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, a closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
  • References
    https://nvd.nist.gov/vuln/detail/CVE-2022-27664
@trsreagan3 trsreagan3 added the enhancement New feature or request label Apr 11, 2023
@gitsstewart

Thanks for bringing this to our attention, @trsreagan3. We will have a look and take steps to prioritize work accordingly.

@josh-padnick
Contributor

Should we close this issue given that #116 is merged?
