alexei-led / pumba

Chaos testing, network emulation, and stress testing tool for containers
Apache License 2.0
2.75k stars 193 forks

GHSA-69cg-p879-7622 Vulnerability #242

Closed KevinPoole closed 1 year ago

KevinPoole commented 1 year ago

Scanners indicate pumba is vulnerable to https://github.com/advisories/GHSA-69cg-p879-7622

Fix seems to be to just update the golang.org/x/net dependency

alexei-led commented 1 year ago

@KevinPoole can you please elaborate on how to exploit pumba using the above vulnerability? I prefer not to update/change code for false-positive reports.

KevinPoole commented 1 year ago

Hi Alexei,

Totally understand. Was using pumba with a strict static scanning framework which required me to at least link to a ticket that showed the CVE had been reported.

I respect your decision either way - thanks for the library.

On Sat, Aug 19, 2023 at 9:40 AM Alexei Ledenev @.***> wrote:

@KevinPoole can you please elaborate on how to exploit pumba using the above vulnerability? I prefer not to update/change code for false-positive reports.


alexei-led commented 1 year ago

fixed