aptible / supercronic

Cron for containers
MIT License

Security issue CVE-2024-24791 #163

Closed markitosgv closed 1 month ago

markitosgv commented 1 month ago

https://pkg.go.dev/vuln/GO-2024-2963

Please upgrade Go to >=1.22.5 to handle this. Thanks!

larsteuber commented 1 month ago

This issue has been flagged as a MEDIUM security risk by Aqua/Trivy.

https://www.cve.org/CVERecord?id=CVE-2024-24791

Could you please provide an estimated release date for the fix?

Thanks and best regards!

UserNotFound commented 1 month ago

Hello, the reported CVE does not impact Supercronic, as it does not implement httputil.ReverseProxy, nor does it create any HTTP client connections using any of the listed affected symbols.

The Go version of Supercronic will be updated in a future release, however.
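
The triage in the last comment turns on whether the code references the affected symbols at all. The following is an added sketch of that check over a single source file, not code from Supercronic or the Go project; the symbol list and the sample input are constructed for illustration, and `govulncheck` performs the real version of this with call-graph analysis.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"slices"
	"strings"
)

// Symbols to flag per import path: a constructed list, not the advisory's own.
var affected = map[string][]string{
	"net/http/httputil": {"ReverseProxy"},
	"net/http":          {"Get", "Post", "Client", "Transport"},
}

// FindAffected lists flagged symbols referenced in src, resolving import
// aliases. It is syntactic only and does no call-graph analysis.
func FindAffected(src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := map[string]string{} // local package name -> import path
	for _, imp := range f.Imports {
		path := strings.Trim(imp.Path.Value, "\"`")
		name := path[strings.LastIndex(path, "/")+1:]
		if imp.Name != nil {
			name = imp.Name.Name
		}
		local[name] = path
	}
	var hits []string
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			id, _ := sel.X.(*ast.Ident)
			if id != nil && slices.Contains(affected[local[id.Name]], sel.Sel.Name) {
				hits = append(hits, local[id.Name]+"."+sel.Sel.Name)
			}
		}
		return true
	})
	return hits, nil
}

func main() {
	// Constructed input: server-only code, so nothing is flagged.
	fmt.Println(FindAffected("package p\nimport \"net/http\"\nvar _ = http.ListenAndServe\n"))
}
```

An empty result from a scan like this supports a "not affected" triage note for a scanner finding, while a hit only means the symbol is named in the file, not that it is reachable.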