Fix Gorilla Mux — CVE-2023-44487 MEDIUM
Fix CVE-2023-44487 (MEDIUM) in Gorilla Mux for Go. Paste your go.mod into PackageFix and get a patched version — no CLI, no signup. Http/2 rapid reset exposure via net/http dependency.
⚠ Vulnerability
CVE-2023-44487 (MEDIUM) — HTTP/2 rapid reset exposure via net/http dependency in Gorilla Mux below v1.8.1.
Vulnerable — go.mod
github.com/gorilla/mux v1.8.0
Fixed — go.mod
github.com/gorilla/mux v1.8.1
✓ Fix
Update Gorilla Mux to v1.8.1 and run go mod tidy.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2023-44487 |
| Severity | MEDIUM |
| Package | Gorilla Mux (Go) |
| Safe version | v1.8.1 |
| CISA KEV | — |
| Description | Http/2 rapid reset exposure via net/http dependency |
Frequently Asked Questions
What is CVE-2023-44487?
CVE-2023-44487 is a MEDIUM severity vulnerability in Gorilla Mux (Go) that allows HTTP/2 rapid reset exposure via net/http dependency. Update to v1.8.1 or later.
How do I fix CVE-2023-44487 in Gorilla Mux?
Update Gorilla Mux to version v1.8.1 in your go.mod and run go mod tidy.
Is CVE-2023-44487 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2023-44487?
After updating, paste your go.mod into PackageFix again. If CVE-2023-44487 no longer appears in the CVE table, the fix is applied.