golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http
A flaw was found in golang.org/net/http. A remote attacker could exploit this vulnerability by sending a large number of small cookies to an HTTP server. Despite a default 1MB limit on HTTP headers, the number of cookies parsed is unrestricted, leading to excessive memory allocation. This can cau...