Our appsec team is evaluating the security of ksniff. The repo was scanned for vulnerable third party libraries and here are the results. Is there an SLA or typical amount of time to remediate vulnerabilities in the ksniff repo? Thank you.
Vulnerable lib - golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b;
a. CVE-2022-41721
b. CVE-2021-44716
c. CVE-2022-30633
d. CVE-2021-33194
e. CVE-2022-28131
f. CVE-2021-31525
g. CVE-2022-27664
Vulnerable lib - golang.org/x/crypto-v0.0.0-20201002170205-7f63de1d35b0
a. CVE-2022-27191
b. CVE-2021-43565
c. CVE-2020-29652
Vulnerable lib - golang.org/x/text-v0.3.4
a. CVE-2021-38561
b. CVE-2020-28852
c. CVE-2020-28851
d. CVE-2022-21149
Vulnerable lib - golang.org/x/sys-v0.0.0-20201112073958-5cba982894dd
a. CVE-2022-29526
Vulnerable lib - gopkg.in/yaml.v3-v3.0.0-20200313102051-9f266ea9e77c
a. CVE-2022-28948
Vulnerable lib - k8s.io/apimachinery-v0.20.6
a. CVE-2022-3172
Vulnerable lib - github.com/emicklei/go-restful-v2.11.1+incompatible
a. CVE-2022-1996
Hi there,
Our appsec team is evaluating the security of ksniff. The repo was scanned for vulnerable third party libraries and here are the results. Is there an SLA or typical amount of time to remediate vulnerabilities in the ksniff repo? Thank you.
c. CVE-2020-29652