govulncheck vulnerability GO-2023-1571 for golang.org/x/net and golang.org/x/net/http2

## Description


On the latest v1.8.2 tag, `govulncheck` is reporting a vulnerability ([GO-2023-1571](https://pkg.go.dev/vuln/GO-2023-1571)):
```
Vulnerability #1: GO-2023-1571
  A maliciously crafted HTTP/2 stream could cause excessive CPU
  consumption in the HPACK decoder, sufficient to cause a denial
  of service from a small number of small requests.

  Found in: golang.org/x/net/http2@v0.4.0
  Fixed in: golang.org/x/net/http2@v0.7.0
  More info: https://pkg.go.dev/vuln/GO-2023-1571
```

## Pull Request

I think this should fix things: https://github.com/gin-gonic/gin/pull/3505

## How to reproduce

Reproduction is the Gin codebase itself.

Run:
```
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```

## Expectations

No vulnerabilities should be reported.

## Solution

Bumping the version of  golang.org/x/net to v0.7.0 should fix things.
```
go get "golang.org/x/net/http2"
govulncheck ./...
```

## Actual result


```
$ curl -i http://localhost:8201/hello/world
<YOUR RESULT>
```

## Environment

- go version: v1.19.6
- gin version (or commit ref): v1.8.2
- operating system: macOS Ventura 13.2, Apple M1 Max

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

govulncheck vulnerability GO-2023-1571 for golang.org/x/net and golang.org/x/net/http2 #3504

Description

Pull Request

How to reproduce

Expectations

Solution

Actual result

Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

govulncheck vulnerability GO-2023-1571 for golang.org/x/net and golang.org/x/net/http2 #3504

Description

Description

Pull Request

How to reproduce

Expectations

Solution

Actual result

Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions