search

mimiro-io / datahub-cli

The MIMIRO Data Hub CLI, known as mim, provides command line control over a MIMIRO data hub instance or any Universal Data Specification (UDA) compliant endpoint
Apache License 2.0
5 stars 2 forks source link

Patch CVE-2024-24792 #209

Closed ingve closed 5 months ago

ingve commented 5 months ago

Fixes

=== Symbol Results ===

Vulnerability #1: GO-2024-2937
    Panic when parsing invalid palette-color images in golang.org/x/image
  More info: https://pkg.go.dev/vuln/GO-2024-2937
  Module: golang.org/x/image
    Found in: golang.org/x/image@v0.16.0
    Fixed in: golang.org/x/image@v0.18.0
    Example traces found:
      #1: internal/docs/docs.go:48:27: docs.RenderMarkdown calls term.Render, which eventually calls tiff.Decode

Your code is affected by 1 vulnerability from 1 module.