blob: 985a03d73400d1f5039e872571c2ac5ae50028b3 [file] [log] [blame]
module: std
package: mime/multipart
versions:
- fixed: go1.6.4
- fixed: go1.7.4
- fixed: go1.8.0
description: |
When parsing large multipart/form-data, an attacker can
cause a HTTP server to open a large number of file
descriptors. This may be used as a denial-of-service
vector.
cves:
- CVE-2017-1000098
credit: Simon Rawet
symbols:
- Reader.readForm
links:
pr: https://go.dev/cl/30410
commit: https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184
context:
- https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ