github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

CVE-2024-43403 (GHSA-h27c-6xm3-mcqp) is incorrectly published as affecting Go code #5029

Closed hairyhum closed 3 days ago

hairyhum commented 1 week ago

The GHSA-h27c-6xm3-mcqp advisory was issued for Helm charts as a vulnerability in the default Helm configuration of the chart. It never affected the Go package in the repo and should not be published for the Go ecosystem.

There is no way to suggest this change in the "Suggest improvements for this vulnerability" function because it does not support Helm or other package types.

Since it does not affect the Go package, it should be removed from the Go vulnerability database.

Thanks.

JonathanLEvans commented 3 days ago

Hi @hairyhum, we have withdrawn GHSA-h27c-6xm3-mcqp. Go may update their advisory based on the withdrawal, but if you want to make sure, please contact them via their update form.