CVE-2024-37298 - gorilla/schema converts structs to and from form v

CVE ID : CVE-2024-37298 Published : July 1, 2024, 7:15 p.m. | 29 minutes ago Description : gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Autor

Jul 1, 2024 - 21:45

0 2

CVE-2024-37298 - gorilla/schema converts structs to and from form v

CVE ID : CVE-2024-37298
Published : July 1, 2024, 7:15 p.m. | 29 minutes ago
Description : gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2024-37298 - gorilla/schema converts structs to and from form v

Tags:

Verwandte Beiträge

Follow Us

Popular Posts

Recommended Posts

Popular Tags