grpc-ecosystem / grpc-health-probe

A command-line tool to perform health-checks for gRPC applications in Kubernetes and elsewhere
Apache License 2.0

Jfrog Xray reports security flaws on grpc_health_probe-linux-amd64 v 0.4.2 #75

Closed ghevge closed 3 years ago

ghevge commented 3 years ago

Jfrog Xray is reporting a security flaw on grpc_health_probe-linux-amd64 v0.4.2. The flaw seems to come from go:1.15.12

Any chance to have it fixed ASAP?

Thanks.


ahmetb commented 3 years ago

That's not a scalable model. Unless you do hostname lookups with this tool, the associated bug does not impact you. Also, you can always fork and maintain your own version. Eventually we'll pick up the new version. For that, please make a patch in the form of a pull request.

ahmetb commented 3 years ago

0.4.3 is released. It should be fixing this.