CVE-2018-17848 (High) detected in github.com/envoyproxy/protoc-gen-validate-v0.1.0 - autoclosed

[mend-for-github-com[bot]]

CVE-2018-17848 - High Severity Vulnerability

Vulnerable Library - github.com/envoyproxy/protoc-gen-validate-v0.1.0

protoc plugin to generate polyglot message validators

Library home page: https://proxy.golang.org/github.com/envoyproxy/protoc-gen-validate/@v/v0.1.0.zip

Dependency Hierarchy: - github.com/envoyproxy/go-control-plane-v0.9.0 (Root Library) - :x: **github.com/envoyproxy/protoc-gen-validate-v0.1.0** (Vulnerable Library)

Found in HEAD commit: d853fd7abd23b213e8ecb1eded4fd77944aa8ed5

Found in base branch: main

Vulnerability Details

The html package (aka x/net/html) through 2018-09-25 in Go mishandles $, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. Publish Date: 2018-10-01 URL: CVE-2018-17848 CVSS 3 Score Details (7.5) Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High For more information on CVSS3 Scores, click here. Suggested Fix Type: Upgrade version Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-17848 Release Date: 2018-10-01 Fix Resolution: golang-golang-x-net-dev - 1:0.0+git20181201.351d144+dfsg-3 mend-for-github-com[bot] commented 1 year ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. © Githubissues. Githubissues is a development platform for aggregating issues. $

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.