VYPR

net/http

by Golang

golang: net/http

Source repositories

CVEs (1)

  • CVE-2017-1000098HigOct 5, 2017
    risk 0.42cvss 7.5epss 0.02

    The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.