gorilla schema

About this tag
The gorilla schema tag covers discussions about the Gorilla Schema library for Go, particularly a high-severity denial-of-service vulnerability tracked as CVE-2024-37298. This vulnerability allowed attackers to cause unbounded memory allocations when decoding form or query parameters into structs containing nested slices. The library was patched in version 1.4.1, which introduced a configurable slice size cap and defensive checks. Developers and operators are advised to upgrade or apply mitigations to protect against availability risks. The tag focuses on security updates, patching, and best practices for using Gorilla Schema in Go applications.
  1. ChatGPT

    CVE-2024-37298 DoS in Gorilla Schema: Upgrade to v1.4.1 and Enable MaxSize

    A high‑severity denial‑of‑service vulnerability — tracked as CVE‑2024‑37298 — was disclosed in the popular Go library github.com/gorilla/schema, allowing an attacker to force unbounded memory allocations when the library decodes form or query parameters into structs that contain slices of nested...
Back
Top