Updated: 2026-02-16 11:08:23.488903
Description:
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | golang | 1.19.13 | 7.5 | HIGH | Released | CLSA-2026:1772039226 | 2026-02-25 18:55:36 | |
| AlmaLinux 9.2 ESU | buildah | 1.29.1 | 7.5 | HIGH | Released | CLSA-2026:1772455449 | 2026-03-02 13:41:17 | |
| AlmaLinux 9.2 ESU | osbuild-composer | 76 | 7.5 | HIGH | In Testing | 2026-03-06 16:18:55 | ||
| AlmaLinux 9.2 ESU | git-lfs | 3.2.0 | 7.5 | HIGH | Needs Triage | 2026-03-06 02:08:50 | ||
| AlmaLinux 9.2 ESU | grafana | 9.0.9 | 7.5 | HIGH | Released | CLSA-2026:1772041183 | 2026-02-25 18:54:36 | |
| AlmaLinux 9.2 ESU | go-rpm-macros | 3.2.0 | 7.5 | HIGH | In Testing | 2026-03-05 11:11:34 | ||
| AlmaLinux 9.2 ESU | podman | 4.4.1 | 7.5 | HIGH | Released | CLSA-2026:1772456640 | 2026-03-02 13:40:54 | |
| AlmaLinux 9.2 ESU | grafana-pcp | 5.1.1 | 7.5 | HIGH | Released | CLSA-2026:1772040065 | 2026-02-25 18:53:57 | |
| AlmaLinux 9.2 ESU | skopeo | 1.11.2 | 7.5 | HIGH | Released | CLSA-2026:1772812991 | 2026-03-06 16:20:28 | |
| AlmaLinux 9.2 ESU | containernetworking-plugins | 1.2.0 | 7.5 | HIGH | Released | CLSA-2026:1772575666 | 2026-03-04 08:17:35 |