blob: e5173444accae32368b895ffa342a6225697c704 [file] [log] [blame]
packages:
- module: std
package: mime/multipart
symbols:
- Reader.readForm
versions:
- fixed: 1.6.4
- introduced: 1.7.0
fixed: 1.7.4
description: |
When parsing large multipart/form-data, an attacker can
cause a HTTP server to open a large number of file
descriptors. This may be used as a denial-of-service
vector.
published: 2022-02-15T23:56:14Z
cves:
- CVE-2017-1000098
credit: Simon Rawet
links:
pr: https://go.dev/cl/30410
commit: https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184
context:
- https://go.dev/issue/16296
- https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ