Closed galusben closed 2 years ago
Those vulnerabilities appear to be in the consul server. Go kit only depends on the github.com/hashicorp/consul/api
package to support calling the consul API. Go kit does not run a consul server.
https://github.com/go-kit/kit/search?q=consul
Is there any evidence the github.com/hashicorp/consul/api
package is impacted by these vulnerabilities?
You are correct.
github.com/hashicorp/consul/api
is a sub module of github.com/hashicorp/consul
and that is why it was reported on this project.
Closing the issue.
What did you do?
I scanned this source code with JFrog Xray through the CLI and got 2 vulnerabilities originating from: github.com/hashicorp/consul/api:1.10.1 CVE-2021-37219 CVE-2021-38698
What did you expect?
The vulnerabilities to be fixed
What happened instead?
The vulnerabilities exists