Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
Hello, we ran a Twistlock scan and got this finding:
CVE: PRISMA-2023-0056
Image: hashicorp/consul:1.17.2
Description: The github.com/sirupsen/logrus module of all versions is vulnerable to denial of service. Logging more than 64kb of data in a single entry without newlines causes the log writer function to hang indefinitely.
Distro: alpine-3.18.5
Package: github.com/sirupsen/logrus v1.9.0
Package Path: /bin/consul
Info: https://github.com/sirupsen/logrus/issues/1370
I think it's coming from here: https://github.com/hashicorp/consul/blob/main/go.mod#L250
Are there plans to bump this dependency?