By the Year
In 2023 there have been 1 vulnerability in GoLang H2c with an average score of 7.5 out of ten. H2c did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.
It may take a day or so for new H2c vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GoLang H2c Security Vulnerabilities
A request smuggling attack is possible when using MaxBytesHandler
7.5 - High
- January 13, 2023
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
HTTP Request Smuggling