grpc-ecosystem / grpc-health-probe

A command-line tool to perform health-checks for gRPC applications in Kubernetes and elsewhere
Apache License 2.0
1.44k stars 188 forks

CVE-2023-3978 | Facing vulnerability with golang.org/x/net package #152

Closed rujutaghanekar closed 1 year ago

rujutaghanekar commented 1 year ago

Facing CVE-2023-3978 with currently used golang.org/x/net version - https://github.com/grpc-ecosystem/grpc-health-probe/blob/master/go.mod#L6

Package version needs to be >= 0.13.0

ahmetb commented 1 year ago

Sorry, this vulnerability doesn't apply to this tool. Consider suppressing it.

rujutaghanekar commented 1 year ago

@ahmetb As this tool is using the golang net package here - https://github.com/grpc-ecosystem/grpc-health-probe/blob/master/go.mod#L6, when we try to use the tool, we are facing vulnerability issues.