github.com/spiffe/spire vulnerabilities
2 known vulnerabilities affecting github.com/spiffe_spire.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2021-44716 | HIGH | CVSS 7.5 | Affected: ≥ 0, < 1.0.3; ≥ 1.1.0, < 1.1.3 | 2022-01-12
CVE-2021-44716 [HIGH] Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
### Impact
The net/http Go package has a reported vulnerability, tracked as CVE-2021-44716, which allows attacker-controlled HTTP/2 requests to trigger unbounded memory usage in HTTP/2 endpoints. gRPC endpoints are not vulnerable, as they rely on their own HTTP/2 implementation instead of the net/http package. HTTP/2 endpoints consuming the net/http p
Sources: GHSA, OSV
CVE-2021-27098 | HIGH | Affected: ≥ 0.8.1, < 0.8.5; ≥ 0.9.0, < 0.9.4; +3 more | 2021-05-21
CVE-2021-27098 [HIGH] CWE-284 Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
#### Summary
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API (github.com/spiffe/spire/pkg/server/endpoints/node) can result in the possible issuance of an X.509 certifi
Sources: GHSA, OSV