Vulnerability #1: GO-2026-4918
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in
net/http/internal/http2 in golang.org/x/net
More info: https://pkg.go.dev/vuln/GO-2026-4918
Module: golang.org/x/net
Found in: golang.org/x/net@v0.47.0
Fixed in: golang.org/x/net@v0.53.0
Example traces found:
#1: prober/http.go:227:44: prober.transport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.Transport.NewClientConn
#2: prober/http.go:227:44: prober.transport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.Transport.RoundTrip
#3: prober/http.go:227:44: prober.transport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.noDialH2RoundTripper.RoundTrip
#4: prober/http.go:227:44: prober.transport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.unencryptedTransport.RoundTrip
Your code is affected by 1 vulnerability from 1 module.
This scan also found 2 vulnerabilities in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
govulncheckdetects vulnerability fix by update of golang.org/x/net@v0.53.0 is needed and tag the new version