EPSS
Процентиль: 11%
0.00039
Низкий
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
ubuntu
27 дней назад
[net/http: lack of limit when parsing cookies can cause memory exhaustion]
CVSS3: 5.3
nvd
7 дней назад
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
CVSS3: 5.3
debian
7 дней назад
Despite HTTP headers having a default limit of 1MB, the number of cook ...
CVSS3: 5.3
github
7 дней назад
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
EPSS
Процентиль: 11%
0.00039
Низкий
5.3 Medium
CVSS3