golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: suggestion regarding GO-2024-2527 #2957

Closed bm402 closed 5 months ago

bm402 commented 5 months ago

Report ID

GO-2024-2527

Suggestion/Comment

GO-2024-2527 claims the vulnerability affects all versions of etcd, but the source (https://github.com/advisories/GHSA-5x4g-q5rc-36jp) says affected versions are: < 3.3.23, >= 3.4.0-rc.0 <= 3.4.9, and it's patched in versions 3.3.23, 3.4.10.

This is causing downstream CVE scanning tools to raise false-positive vulnerabilities in patched versions of etcd.
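The mismatch reported above can be reproduced with a small range check. This is an added example, not code from the issue, the vulndb project or any scanner. The function names and the list of sample versions are constructed for illustration, and only the range bounds come from the comment above.

```python
"""Compare an all-versions range with the ranges quoted from GHSA-5x4g-q5rc-36jp."""

def semver_key(version):
    """Sort key following SemVer precedence, including prerelease tags."""
    core, _, pre = version.lstrip("v").partition("-")
    nums = tuple(int(p) for p in core.split("."))
    if not pre:
        return nums, 1, ()  # a release sorts after its own prereleases
    # Numeric identifiers sort before alphanumeric ones and compare as integers.
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                for p in pre.split("."))
    return nums, 0, ids

# Each range: (inclusive lower bound or None, upper bound or None, upper inclusive?)
GHSA_RANGES = [
    (None, "3.3.23", False),        # < 3.3.23
    ("3.4.0-rc.0", "3.4.9", True),  # >= 3.4.0-rc.0, <= 3.4.9
]
ALL_VERSIONS = [(None, None, False)]  # the range the issue attributes to GO-2024-2527

def is_affected(version, ranges):
    """True if version falls inside any of the given ranges."""
    v = semver_key(version)
    for low, high, high_inclusive in ranges:
        if low is not None and v < semver_key(low):
            continue
        if high is None:
            return True
        h = semver_key(high)
        if v < h or (high_inclusive and v == h):
            return True
    return False

def false_positives(versions):
    """Versions flagged by the all-versions range but not by the advisory ranges."""
    return [v for v in versions
            if is_affected(v, ALL_VERSIONS) and not is_affected(v, GHSA_RANGES)]

if __name__ == "__main__":
    # Constructed sample of etcd versions around the range boundaries.
    sample = ["3.3.22", "3.3.23", "3.4.0-rc.0", "3.4.9", "3.4.10", "3.5.12"]
    for v in sample:
        print(v, is_affected(v, ALL_VERSIONS), is_affected(v, GHSA_RANGES))
    print("false positives:", false_positives(sample))
```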

bm402 commented 5 months ago

dupe of #2952