Facing vulnerability with stdlib and google.golang.org/grpc

grpc-ecosystem / grpc-health-probe

A command-line tool to perform health-checks for gRPC applications in Kubernetes and elsewhere

Apache License 2.0

1.42k stars 188 forks source link

Facing vulnerability with stdlib and google.golang.org/grpc #211

Open rujutaghanekar opened 1 month ago

rujutaghanekar commented 1 month ago

Facing vulnerability with stdlib package

CVE-2024-24791
Present in golang 1.22.4 version
Fixed in golang 1.22.5 version

Facing vulnerability with google.golang.org/grpc

GHSA-xr7q-jx4m-x55m
installed_version -> v1.64.0
fixed_version -> v1.64.1

We use grpc-health-probe in our project. Our scans are failing because of mentioned vulnerabilities. Please update package and golang versions.

ahmetb commented 1 month ago

gPRC-go module is already updated to 1.65. And http/1.1 vuln doesn't impact grpc, so it's irrelevant.

trend-shihyi-wu commented 1 month ago

Currently, we are also using the grpc-health-probe tool in our project, and we encountered a failed security scan due to the mentioned vulnerability. If possible, we would appreciate an update as soon as possible. Thank you.