AZL-54562 CVE-2024-45338 affecting package keda for versions less than 2.4.0-25

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-33597 CVE-2021-44716 affecting package keda for versions less than 2.4.0-19

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...