Fix golang.org/x/net — CVE-2023-44487 HIGH
Fix CVE-2023-44487 (HIGH) in golang.org/x/net for Go. Paste your go.mod into PackageFix and get a patched version — no CLI, no signup. Http/2 rapid reset causing denial of service.
🔴 CISA KEV — golang.org/x/net appears on the CISA Known Exploited Vulnerabilities catalog. Actively exploited in the wild. Fix immediately.
⚠ Vulnerability
CVE-2023-44487 (HIGH) — HTTP/2 rapid reset causing denial of service in golang.org/x/net below v0.23.0.
Vulnerable — go.mod
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
Fixed — go.mod
golang.org/x/net v0.23.0
✓ Fix
Update golang.org/x/net to v0.23.0 and run go mod tidy.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2023-44487 |
| Severity | HIGH |
| Package | golang.org/x/net (Go) |
| Safe version | v0.23.0 |
| CISA KEV | 🔴 Yes |
| Description | Http/2 rapid reset causing denial of service |
Frequently Asked Questions
What is CVE-2023-44487?
CVE-2023-44487 is a HIGH severity vulnerability in golang.org/x/net (Go) that allows HTTP/2 rapid reset causing denial of service. Update to v0.23.0 or later.
How do I fix CVE-2023-44487 in golang.org/x/net?
Update golang.org/x/net to version v0.23.0 in your go.mod and run go mod tidy.
Is CVE-2023-44487 being actively exploited?
Yes — it appears on the CISA KEV catalog. Fix immediately.
How do I verify the fix for CVE-2023-44487?
After updating, paste your go.mod into PackageFix again. If CVE-2023-44487 no longer appears in the CVE table, the fix is applied.