When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

Memory exhaustion in multipart form parsing in net/textproto and net/http

When parsing a multipart form (either explicitly with Request.ParseMul ...

Security update for apptainer

Security update for skopeo

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Moderate: gvisor-tap-vsock security and bug fix update

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

ELSA-2024-3831: containernetworking-plugins security and bug fix update (MODERATE)

ELSA-2024-3830: gvisor-tap-vsock security and bug fix update (MODERATE)

Уязвимость пакета golang операционной системы Debian GNU/Linux, позволяющая нарушителю вызвать отказ в обслуживании (DoS)

Security update for skopeo

Уязвимость golang-github-jose

Уязвимость consul

Moderate: skopeo security and bug fix update

ELSA-2024-2549: skopeo security and bug fix update (MODERATE)

Security update for containerized-data-importer