3 matches found
Astra Linux – Vulnerability in golang-github-prometheus-client-golang
clientgolang is the instrumentation library for Go applications in Prometheus. The promhttp package within clientgolang provides tools for working with HTTP servers and clients. Prior to version 1.11.1 of clientgolang, HTTP servers were vulnerable to Denial of Service attacks due to unbounded...
Mailpit -- Performance information disclosure
Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime information memory usage, goroutine counts, GC behavior, uptime and potential runtime flags due to the Prometheus client library dependency...
AZL-34835 CVE-2022-21698 affecting package keda for versions less than 2.14.0-1
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...