golang-github-prometheus-prometheus (SUSE:Linux Enterprise Module for Package Hub 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 SP6 package golang-github-prometheus-prometheus, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2023-45288 — CVSS 7.5 (high): An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames…
CVE-2022-41723 — CVSS 7.5 (high): A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service…
CVE-2023-45142 — CVSS 7.5 (high): OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels…
CVE-2022-41715 — CVSS 7.5 (high): Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed…
CVE-2024-6104 — CVSS 6.0 (medium): go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing…
CVE-2025-22870 — CVSS 4.4 (medium): Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY…
CVE-2024-51744 — CVSS 3.1 (low): golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to…