fix CVE-2024-51744 in v10.27.0

andyzhangx commented 2 weeks ago

usr/local/bin/azcopy (gobinary)
===============================
Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌──────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────┐
│           Library            │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                       Title                        │
├──────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────┤
│ github.com/golang-jwt/jwt/v4 │ CVE-2024-51744 │ LOW      │ fixed  │ v4.5.0            │ 4.5.1         │ golang-jwt: Bad documentation of error handling in │
│                              │                │          │        │                   │               │ ParseWithClaims can lead to potentially...         │
│                              │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-51744         │
└──────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────┘

andyzhangx commented 2 weeks ago

go get -u github.com/golang-jwt/jwt/v4

seanmcc-msft commented 1 week ago

Fixed in 10.27.1

Azure / azure-storage-azcopy

fix CVE-2024-51744 in v10.27.0 #2861