go: Multiple Vulnerabilities (CVE-2019-9512, CVE-2019-9514, CVE-2019-14809)
CVE-2019-9512, CVE-2019-9514: Denial of Service vulnerabilities in the HTTP/2 implementation
net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. Servers will now close connections if the send queue accumulates too many control messages.
CVE-2019-14809: Parsing validation issue