vulndb/reports/GO-2020-0037.yaml

module: github.com/tendermint/tendermint
package: github.com/tendermint/tendermint/rpc/client
versions:
  - fixed: v0.31.1
description: |
  Due to support of Gzip compression in request bodies, as well
  as a lack of limiting response body sizes, a malicious server
  can cause a client to consume a significant amount of system
  resources, which may be used as a denial of service vector.
published: 2021-04-14T12:00:00Z
credit: "@guagualvcha"
symbols:
  - makeHTTPClient
links:
  pr: https://github.com/tendermint/tendermint/pull/3430
  commit: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-14 22:59:24 +03:00			`module: github.com/tendermint/tendermint`
			`package: github.com/tendermint/tendermint/rpc/client`
			`versions:`
reports: more consistent description tone Also remove a few improper reports, and format all of the YAML a bit more nicely. Change-Id: I1d4d79578228a775489c286991dbe1386e079a66 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1062398 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-20 06:07:53 +03:00			`- fixed: v0.31.1`
			`description: \|`
			`Due to support of Gzip compression in request bodies, as well`
			`as a lack of limiting response body sizes, a malicious server`
			`can cause a client to consume a significant amount of system`
			`resources, which may be used as a denial of service vector.`
all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-14 22:59:24 +03:00			`published: 2021-04-14T12:00:00Z`
reports: more consistent description tone Also remove a few improper reports, and format all of the YAML a bit more nicely. Change-Id: I1d4d79578228a775489c286991dbe1386e079a66 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1062398 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-20 06:07:53 +03:00			`credit: "@guagualvcha"`
all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-14 22:59:24 +03:00			`symbols:`
reports: more consistent description tone Also remove a few improper reports, and format all of the YAML a bit more nicely. Change-Id: I1d4d79578228a775489c286991dbe1386e079a66 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1062398 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-20 06:07:53 +03:00			`- makeHTTPClient`
all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-04-14 22:59:24 +03:00			`links:`
			`pr: https://github.com/tendermint/tendermint/pull/3430`
			`commit: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613`