Open mvanduijker opened 1 week ago
In latest version (10.21.0.11)
```
usr/bin/newrelic-daemon (gobinary)
==================================
Total: 1 (HIGH: 0, CRITICAL: 1)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version   │ Title                                                      │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-24790 │ CRITICAL │ fixed  │ 1.22.3            │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for │
│         │                │          │        │                   │                 │ IPv4-mapped IPv6 addresses                                 │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24790                 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴────────────────────────────────────────────────────────────┘
```
I don't exactly know how golang works, but new relic daemon needs to be compiled with the fixed version of stdlib.
https://new-relic.atlassian.net/browse/NR-282424
trivy scan reports CVEs in newrelic binary about stdlib
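One way to confirm the finding on a given daemon binary, as an added example that is not part of the original issue or of New Relic's code: the Go program below reads the toolchain version embedded in a Go binary and compares it with the fixed releases shown in the scan output. The function name and the reading of the "Fixed Version" column as a version range are assumptions of this example.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Fixed releases (1.21.11, 1.22.4) are taken from the scan output above. Assumption of
// this example: anything older than 1.21.11, or 1.22.x older than 1.22.4, is affected.
func affectedByCVE202424790(goVersion string) (bool, error) {
	v := strings.TrimPrefix(goVersion, "go")
	if i := strings.IndexAny(v, " -+"); i >= 0 {
		v = v[:i] // drop build suffixes such as " X:boringcrypto"
	}
	parts := strings.Split(v, ".")
	var n [3]int // major, minor, patch; a missing patch counts as 0, major is assumed to be 1
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil || len(parts) < 2 || len(parts) > 3 {
			return false, fmt.Errorf("unrecognised Go version %q", goVersion)
		}
		n[i] = x
	}
	switch n[1] {
	case 21:
		return n[2] < 11, nil
	case 22:
		return n[2] < 4, nil
	}
	return n[1] < 21, nil // older branches got no fix; 1.23 and later already include it
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <path-to-go-binary>")
		os.Exit(2)
	}
	info, err := buildinfo.ReadFile(os.Args[1]) // Go version the binary was built with
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read Go build info:", err)
		os.Exit(2)
	}
	bad, err := affectedByCVE202424790(info.GoVersion)
	fmt.Printf("%s: built with %s, affected=%v, err=%v\n", os.Args[1], info.GoVersion, bad, err)
}
```

Run against the binary path from the scan, this reports the same toolchain version the scanner keys on, so it can also be used to check a rebuilt daemon.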