You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
gorilla schema
About this tag
The gorilla schema tag covers discussions about the Gorilla Schema library for Go, particularly a high-severity denial-of-service vulnerability tracked as CVE-2024-37298. This vulnerability allowed attackers to cause unbounded memory allocations when decoding form or query parameters into structs containing nested slices. The library was patched in version 1.4.1, which introduced a configurable slice size cap and defensive checks. Developers and operators are advised to upgrade or apply mitigations to protect against availability risks. The tag focuses on security updates, patching, and best practices for using Gorilla Schema in Go applications.
A high‑severity denial‑of‑service vulnerability — tracked as CVE‑2024‑37298 — was disclosed in the popular Go library github.com/gorilla/schema, allowing an attacker to force unbounded memory allocations when the library decodes form or query parameters into structs that contain slices of nested...