#go

5 pages tagged with "go"

infosec

chunkloris: gin — HTTP/1.1 chunked transfer encoding. gin 1.10.1. verdict: vulnerable per chunk.
chunkloris: Go net/http + golang.org/x/net/http2 (h2c) — HTTP/2 (h2c) DATA frames. Go net/http + golang.org/x/net/http2 (h2c) go 1.23 + x/net v0.30. verdict: vulnerable per frame.
chunkloris: gorilla/websocket — WebSocket text frames. gorilla/websocket v1.5.3 on go 1.23. verdict: batches correctly.
chunkloris: net/http (stdlib) — HTTP/1.1 chunked transfer encoding. net/http (stdlib) go-1.23.12. verdict: vulnerable per chunk.
chunkloris: quic-go HTTP/3 — HTTP/3 DATA frames over QUIC. quic-go HTTP/3 quic-go v0.54.0. verdict: vulnerable per frame.