While working on the LocalAI project, I scanned the dependency manifest and found that it uses a vulnerable version of github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream. The scan revealed a denial-of-service issue where malformed EventStream headers can trigger a panic in the decoder, potentially crashing the application.
CVE Report
CVE Link