Fix CVE-2023-44487 in golang.org/x/net HIGH
Fix CVE-2023-44487 (HTTP/2 rapid reset) in golang.org/x/net for Go. Paste your go.mod into PackageFix and get a patched version back — no CLI, no signup.
⚠ Vulnerability
CVE-2023-44487 — HTTP/2 rapid reset in golang.org/x/net. Update to v0.23.0 or later.
Vulnerable Version — go.mod
golang.org/x/net v0.0.0-20210405180319
Fixed Version — go.mod
golang.org/x/net v0.23.0
✓ Fix
Update to v0.23.0 and run go mod tidy to apply the fix.
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
What is CVE-2023-44487?
CVE-2023-44487 is a vulnerability in golang.org/x/net that allows HTTP/2 rapid reset. Update to version v0.23.0 or later to fix it.
Is CVE-2023-44487 on the CISA KEV catalog?
Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.
How do I fix CVE-2023-44487 in golang.org/x/net?
Update golang.org/x/net to version v0.23.0 or later in your go.mod. Run go mod tidy after updating.
Does CVE-2023-44487 affect all versions of golang.org/x/net?
Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.