CVE-2022-24863: Release v1.2.6 · swaggo/http-swagger
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6, an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The memory exhaustion is caused by improper handling of HTTP methods. Users are advised to upgrade. Users unable to upgrade may restrict the path prefix to the “GET” method as a workaround.
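One way to apply the GET-only workaround with the standard `net/http` package, as an added example that is not code from the http-swagger project. The `/swagger/` prefix, the helper names and the stand-in `docs` handler (used in place of the real http-swagger handler so the block runs offline) are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// getOnly rejects every request whose method is not GET before it reaches next.
// Other methods (including HEAD) get 405 and never touch the wrapped handler.
func getOnly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			w.Header().Set("Allow", http.MethodGet)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMux mounts the documentation handler under the assumed /swagger/ prefix,
// wrapped so that only GET requests are forwarded to it.
func newMux(docs http.Handler) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/swagger/", getOnly(docs))
	return mux
}

// statusFor sends one in-memory request through h and returns the status code.
func statusFor(h http.Handler, method, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, path, nil))
	return rec.Code
}

func main() {
	// Stand-in for the http-swagger handler (assumption for this example).
	docs := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "swagger docs")
	})
	mux := newMux(docs)
	for _, m := range []string{"GET", "POST", "PUT", "DELETE"} {
		fmt.Println(m, statusFor(mux, m, "/swagger/index.html"))
	}
}
```
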
v1.2.6
Latest
ubogdan released this
· 1 commit to master since this release
v1.2.6
b7d83e8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: 4AEE18F83AFDEB23
Changelog
b7d83e8 fix: security improvement (#62)