Hi Marta,
I will take care of updating the golang to 1.22.2 witch include a fix for
the CVE-2023-45288
https://github.com/golang/go/commit/e55d7cf8435ba4e58d4a5694e63b391821d4ee9b
Jose
Marta Rybczynska escreveu (quarta, 3/04/2024 à(s)
21:46):
> Details: https://kb.cert.org/vuls/id/421644
>
>
Details: https://kb.cert.org/vuls/id/421644
Affected (amongst others): nodejs, oghttp, nghttp2, Apache httpd, go
Multiple CVEs have been issued.
Quoting from the description:
HTTP allows messages to include named fields in both header and
trailer sections. These header and trailer fields are
