search

infobloxopen / terraform-provider-infoblox

Infoblox NIOS Terraform Provider
https://github.com/infobloxopen/terraform-provider-infoblox
Mozilla Public License 2.0
67 stars 72 forks source link

CVE hits on latest release #328

Closed mmurtha closed 2 weeks ago

mmurtha commented 4 months ago

Hello I would love to continue using this project but our cyber scans are preventing me. Can you look at these scan results and consider updating your go version? Thank you

./infoblox/2.5.0/linux_amd64/terraform-provider-infoblox_v2.5.0 NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY stdlib go1.17.6 go-module CVE-2023-24540 Critical
stdlib go1.17.6 go-module CVE-2023-24538 Critical
stdlib go1.17.6 go-module CVE-2022-23806 Critical
stdlib go1.17.6 go-module CVE-2023-45287 High
stdlib go1.17.6 go-module CVE-2023-45285 High
stdlib go1.17.6 go-module CVE-2023-44487 High
stdlib go1.17.6 go-module CVE-2023-29403 High
stdlib go1.17.6 go-module CVE-2023-29400 High
stdlib go1.17.6 go-module CVE-2023-24539 High
stdlib go1.17.6 go-module CVE-2023-24537 High
stdlib go1.17.6 go-module CVE-2023-24536 High
stdlib go1.17.6 go-module CVE-2023-24534 High
stdlib go1.17.6 go-module CVE-2022-41725 High
stdlib go1.17.6 go-module CVE-2022-41724 High
stdlib go1.17.6 go-module CVE-2022-41723 High
stdlib go1.17.6 go-module CVE-2022-41722 High
stdlib go1.17.6 go-module CVE-2022-41715 High
stdlib go1.17.6 go-module CVE-2022-32189 High
stdlib go1.17.6 go-module CVE-2022-30635 High
stdlib go1.17.6 go-module CVE-2022-30633 High
stdlib go1.17.6 go-module CVE-2022-30632 High
stdlib go1.17.6 go-module CVE-2022-30631 High
stdlib go1.17.6 go-module CVE-2022-30630 High
stdlib go1.17.6 go-module CVE-2022-30580 High
stdlib go1.17.6 go-module CVE-2022-2880 High
stdlib go1.17.6 go-module CVE-2022-2879 High
stdlib go1.17.6 go-module CVE-2022-28327 High
stdlib go1.17.6 go-module CVE-2022-28131 High
stdlib go1.17.6 go-module CVE-2022-27664 High
stdlib go1.17.6 go-module CVE-2022-24921 High
stdlib go1.17.6 go-module CVE-2022-24675 High
stdlib go1.17.6 go-module CVE-2022-23773 High
stdlib go1.17.6 go-module CVE-2022-23772 High
stdlib go1.17.6 go-module CVE-2023-39326 Medium
stdlib go1.17.6 go-module CVE-2023-39319 Medium
stdlib go1.17.6 go-module CVE-2023-39318 Medium
stdlib go1.17.6 go-module CVE-2023-29409 Medium
stdlib go1.17.6 go-module CVE-2023-29406 Medium
stdlib go1.17.6 go-module CVE-2023-24532 Medium
stdlib go1.17.6 go-module CVE-2022-41717 Medium
stdlib go1.17.6 go-module CVE-2022-32148 Medium
stdlib go1.17.6 go-module CVE-2022-29526 Medium
stdlib go1.17.6 go-module CVE-2022-1962 Medium
stdlib go1.17.6 go-module CVE-2022-1705 Medium
stdlib go1.17.6 go-module CVE-2022-30629 Low

SanjeevManurkar commented 4 months ago

We will check this

JkhatriInfobox commented 2 weeks ago

In our most recent release, v2.7.0, we have included the update to Go Lang version 1.21 along with the necessary libraries.

Should the issue continue, please do not hesitate to reopen it.