data/reports/GO-2022-0933.yaml - vulndb - Git at Google

 id: GO-2022-0933
 modules:
     - module: github.com/pomerium/pomerium
       versions:
         - fixed: 0.15.1
       vulnerable_at: 0.15.0
 summary: Incorrect handling of H2 GOAWAY + SETTINGS frames in github.com/pomerium/pomerium
 cves:
     - CVE-2021-39162
 ghsas:
     - GHSA-gjcg-vrxg-xmgv
 references:
     - advisory: https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-39162
     - web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8
     - web: https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ
 source:
     id: GHSA-gjcg-vrxg-xmgv
     created: 2024-08-20T14:32:03.137864-04:00
 review_status: UNREVIEWED
 unexcluded: NOT_IMPORTABLE
	id: GO-2022-0933
	modules:
	- module: github.com/pomerium/pomerium
	versions:
	- fixed: 0.15.1
	vulnerable_at: 0.15.0
	summary: Incorrect handling of H2 GOAWAY + SETTINGS frames in github.com/pomerium/pomerium
	cves:
	- CVE-2021-39162
	ghsas:
	- GHSA-gjcg-vrxg-xmgv
	references:
	- advisory: https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-39162
	- web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8
	- web: https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ
	source:
	id: GHSA-gjcg-vrxg-xmgv
	created: 2024-08-20T14:32:03.137864-04:00
	review_status: UNREVIEWED
	unexcluded: NOT_IMPORTABLE