hashicorp / consul-template

Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.
https://www.hashicorp.com/
Mozilla Public License 2.0

Multiple CVEs reported by Trivy scan tool for v0.39.1 #2002

Open KisanK79 opened 3 weeks ago

KisanK79 commented 3 weeks ago

usr/local/bin/consul-template (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0)

| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|---|
| stdlib | CVE-2024-34156 | HIGH | fixed | 1.22.5 | 1.22.7, 1.23.1 | encoding/gob: golang: Calling Decoder.Decode on a message with deeply nested structures |
| stdlib | CVE-2024-34155 | MEDIUM | | | | go/parser: golang: Calling any Parse functions with deeply nested literals |
| stdlib | CVE-2024-34158 | MEDIUM | | | | go/build/constraint: golang: Parsing a "// +build" build tag line with specific constraints |

The listed CVEs are for v0.39.1. Looks like the Go version needs to be bumped.