Amazon Linux AMI Security Advisory: ALAS-2021-1512
Advisory Release Date: 2021-07-08 18:38 Pacific
Advisory Updated Date: 2021-07-12 21:49 Pacific
A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB value for MaxHeaderBytes is increased. (CVE-2021-31525)
Run yum update golang to update your system.