govulncheck: 1 called vuln(s) detected #29

Description

@github-actions

govulncheck detected 1 called vulnerability/ies

Workflow run: https://github.com/nopperabbo/kiroxy/actions/runs/26211987897

Text report

=== Symbol Results ===

Vulnerability #1: GO-2026-4918
    Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in
    net/http/internal/http2 in golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2026-4918
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.52.0
    Fixed in: golang.org/x/net@v0.53.0
    Example traces found:
      #1: internal/tracing/transport.go:67:31: tracing.tracingTransport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.Transport.NewClientConn
      #2: internal/tracing/transport.go:67:31: tracing.tracingTransport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.Transport.RoundTrip
      #3: internal/tracing/transport.go:67:31: tracing.tracingTransport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.noDialH2RoundTripper.NewClientConn
      #4: internal/tracing/transport.go:67:31: tracing.tracingTransport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      #5: internal/tracing/transport.go:67:31: tracing.tracingTransport.RoundTrip calls http.Transport.RoundTrip, which eventually calls http2.unencryptedTransport.RoundTrip

Your code is affected by 1 vulnerability from 1 module.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.
