GO-2026-5264

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus

Affected packages

Go / github.com/prometheus/prometheus
Introduced in: 0
Fixed in: 0.305.2
Fix: go get github.com/prometheus/prometheus@v0.305.2

Go / github.com/prometheus/prometheus/v2
Introduced in: 0

No fixed version published yet for github.com/prometheus/prometheus/v2 (go modules). Pin to a known-safe version or switch to an alternative.
