grafana / loki

Like Prometheus, but for logs.
https://grafana.com/loki
GNU Affero General Public License v3.0
22.71k stars 3.3k forks

Critical vulnerability CVE-2024-24790 in go stdlib #13327

Open bpfoster opened 5 days ago

bpfoster commented 5 days ago

Loki 3.0.0

CVE-2024-24790 has been published against the go stdlib net/netip.

https://pkg.go.dev/vuln/GO-2024-2887

Resolved in go 1.21.11 or 1.22.4. Loki 3.0.0 is showing as built with a vulnerable go 1.21.9.
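
The check behind this report, as an added example that is not part of the original issue or of Loki's code: it reads the Go toolchain version embedded in a binary with `debug/buildinfo` and compares it with the fixed releases named above. The function name `vulnerableGo` and the handling of release lines other than 1.21 and 1.22 are assumptions.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Fixed patch level per release line, as stated in the issue (1.21.11, 1.22.4).
var fixedPatch = map[int]int{21: 11, 22: 4}

// vulnerableGo reports whether a toolchain string such as "go1.21.9" predates
// the fix. Assumption: lines older than 1.21 never got it, newer lines include it.
func vulnerableGo(goVersion string) (bool, error) {
	v, _, _ := strings.Cut(strings.TrimPrefix(goVersion, "go"), " ")
	parts := strings.Split(v, ".")
	if len(parts) < 2 || len(parts) > 3 || parts[0] != "1" {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	minor, err := strconv.Atoi(parts[1])
	if err != nil {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	patch := 0
	if len(parts) == 3 {
		if patch, err = strconv.Atoi(parts[2]); err != nil {
			return false, fmt.Errorf("unrecognised Go version %q", goVersion)
		}
	}
	fixed, known := fixedPatch[minor]
	if !known {
		return minor < 21, nil
	}
	return patch < fixed, nil
}

// main checks every binary path given on the command line.
func main() {
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
			continue
		}
		vuln, err := vulnerableGo(info.GoVersion)
		fmt.Printf("%s\t%s\tvulnerable=%v\terr=%v\n", path, info.GoVersion, vuln, err)
	}
}
```

Pre-release and development toolchain strings are reported as an error rather than guessed at, so they can be reviewed by hand.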

JohnFrampton commented 4 days ago

We would very much appreciate the fix :-)