3 matches found
klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...
GHSA-W4C6-7R69-W7J9 klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...
PT-2026-48347
Name of the Vulnerable Software and Affected Versions klever-go versions 1.7.14 through 1.7.17 Description The REST API in the seednode and node components is susceptible to a denial of service attack. This occurs because the application uses the Gin framework's Engine.Run function, which relies ...