Vulnerability Report: GO-2020-0037
- CVE-2019-25072, GHSA-3fm3-m23v-5r46
- Affects: github.com/tendermint/tendermint
- Published: Apr 14, 2021
- Modified: May 20, 2024
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
Affected Packages
- Go Versions: before v0.31.1
References
- https://github.com/tendermint/tendermint/pull/3430
- https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
- https://vuln.go.dev/ID/GO-2020-0037.json
Credits
- @guagualvcha