GCVE - cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Netapp (`f19678f6-cb27-5a55-8852-34b249f80ef9`)
Product	Astra Trident (`ed404686-403a-5415-93c6-3dccab2e0bf0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/netapp/trident`	purl2cpe	2026-06-01 10:11:58.308465
`pkg:github/netapp/trident`	purl2cpe	2026-06-01 10:11:58.308468

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-39325`	vulnerable	2026-06-03 14:52:38.685570	HTTP/2 rapid reset can cause excessive work in net/http A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Published: 2023-10-11T21:15:02.727Z Updated: 2025-02-13T17:02:50.341Z Open on db.gcve.eu Reference links https://go.dev/issue/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://pkg.go.dev/vuln/GO-2023-2102	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28948`	vulnerable	2026-06-03 14:46:56.311596	Details available An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. Published: 2022-05-19T19:59:30.000Z Updated: 2024-08-03T06:10:57.622Z Open on db.gcve.eu Reference links https://github.com/go-yaml/yaml/issues/666 https://security.netapp.com/advisory/ntap-20220923-0006/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24921`	vulnerable	2026-06-03 14:46:36.599494	Details available regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. Published: 2022-03-05T00:00:00.000Z Updated: 2024-08-03T04:29:01.519Z Open on db.gcve.eu Reference links https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk https://security.netapp.com/advisory/ntap-20220325-0010/ https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://security.gentoo.org/glsa/202208-02	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.