VYPR

Go modules package

github.com/quic-go/webtransport-go

pkg:golang/github.com/quic-go/webtransport-go

Vulnerabilities (3)

  • CVE-2026-21438Feb 12, 2026
    affected < 0.10.0fixed 0.10.0

    webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage colle

  • CVE-2026-21435Feb 12, 2026
    affected < 0.10.0fixed 0.10.0

    webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CON

  • CVE-2026-21434Feb 12, 2026
    affected >= 0.3.0, < 0.10.0fixed 0.10.0

    webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WT_CLOSE_SESSION capsule containing an excessively large Application Error Message.