Vulnerability Report: GO-2023-2388

GHSA-v7hc-87jc-qrrr
Affects: knative.dev/eventing-github
Published: Aug 21, 2024
Unreviewed

eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github

For detailed information about this vulnerability, visit https://github.com/knative-extensions/eventing-github/security/advisories/GHSA-v7hc-87jc-qrrr.

Affected Modules

Path

Go Versions
knative.dev/eventing-github

before v0.39.1

Aliases

GHSA-v7hc-87jc-qrrr

References

https://github.com/knative-extensions/eventing-github/security/advisories/GHSA-v7hc-87jc-qrrr
https://github.com/knative-extensions/eventing-github/commit/ea5cb8b25fc3410dde45ce2eb95454e4cfe77c40
https://github.com/knative-extensions/eventing-github/pull/442
https://github.com/knative-extensions/eventing-github/pull/446
https://github.com/knative-extensions/eventing-github/pull/447
https://vuln.go.dev/ID/GO-2023-2388.json

Feedback

This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL