blob: 6b38fc6bfa985b81e382a6289ed646c08da904dc [file] [log] [blame]
module: github.com/tendermint/tendermint
package: github.com/tendermint/tendermint/rpc/client
versions:
- fixed: v0.31.1
description: |
Due to support of Gzip compression in request bodies, as well
as a lack of limiting response body sizes, a malicious server
can cause a client to consume a significant amount of system
resources, which may be used as a denial of service vector.
published: 2021-04-14T12:00:00Z
credit: "@guagualvcha"
symbols:
- makeHTTPClient
links:
pr: https://github.com/tendermint/tendermint/pull/3430
commit: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613