Pio1006 / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

CVE-2018-17847 (High) detected in github.com/envoyproxy/protoc-gen-validate-v0.1.0 - autoclosed #4

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 3 years ago

CVE-2018-17847 - High Severity Vulnerability

Vulnerable Library - github.com/envoyproxy/protoc-gen-validate-v0.1.0

protoc plugin to generate polyglot message validators

Library home page: https://proxy.golang.org/github.com/envoyproxy/protoc-gen-validate/@v/v0.1.0.zip

Dependency Hierarchy:
- github.com/envoyproxy/go-control-plane-v0.9.0 (Root Library)
  - :x: **github.com/envoyproxy/protoc-gen-validate-v0.1.0** (Vulnerable Library)

Found in HEAD commit: d853fd7abd23b213e8ecb1eded4fd77944aa8ed5

Found in base branch: main

Vulnerability Details

The html package (aka x/net/html) through 2018-09-25 in Go mishandles