otterize / network-mapper

Map Kubernetes traffic: in-cluster, to the Internet, and to AWS IAM and export as text, intents, or an image
Apache License 2.0

Vulnerabilities in GO version 1.19.x #146

Closed Moran-k closed 1 year ago

Moran-k commented 1 year ago

Hi team,

During our monthly scan of 3rd-party utilities, we have found the following critical vulnerabilities in network-mapper-sniffer:v1.0.2:

GO /main

| VulnerabilityID | Severity | InstalledVersion | FixedVersion |
|---|---|---|---|
| CVE-2023-24538 | CRITICAL | 1.19.13 | 1.20.3-r0 |
| CVE-2023-24540 | CRITICAL | 1.19.13 | 1.20.4-r0 |
| CVE-2023-29402 | CRITICAL | 1.19.13 | 1.20.5-r0 |
| CVE-2023-29404 | CRITICAL | 1.19.13 | 1.20.5-r0 |
| CVE-2023-29405 | CRITICAL | 1.19.13 | 1.20.5-r0 |

Can you release a new version of this excellent tool built with a more recent GO version?

orishoshan commented 1 year ago

For sure. We're using Dependabot and it didn't pick this up (presumably because it's not a dependency but Go itself); we'll look into adding Go to this.
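
The gap discussed in this thread is that the Go toolchain version is baked into the compiled binary rather than listed as a module dependency. As an added example (not code from this thread or from the network-mapper project), the small CI gate below reads that embedded version with the standard library's `debug/buildinfo` and fails when it is older than a minimum the caller supplies; the names `goVersionKey`, `olderThan` and the `gocheck` usage string are hypothetical.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

// goVersionKey maps "go1.19.13" or "1.20.5-r0" to a sortable integer (1019013).
// Suffixes such as "-r0" or "rc1" are ignored; a missing patch counts as 0.
func goVersionKey(v string) (int, error) {
	var major, minor, patch int
	v = strings.TrimPrefix(strings.TrimSpace(v), "go")
	if n, _ := fmt.Sscanf(v, "%d.%d.%d", &major, &minor, &patch); n < 2 {
		return 0, fmt.Errorf("unrecognised Go version %q", v)
	}
	return major*1_000_000 + minor*1_000 + patch, nil
}

// olderThan reports whether the installed toolchain sorts before the minimum.
func olderThan(installed, minimum string) (bool, error) {
	a, errA := goVersionKey(installed)
	b, errB := goVersionKey(minimum)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("cannot compare %q with %q", installed, minimum)
	}
	return a < b, nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <binary> <minimum-go-version>")
		os.Exit(2)
	}
	info, err := buildinfo.ReadFile(os.Args[1]) // version the linker embedded
	old := false
	if err == nil {
		old, err = olderThan(info.GoVersion, os.Args[2])
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	fmt.Printf("%s built with %s, minimum %s\n", os.Args[1], info.GoVersion, os.Args[2])
	if old {
		os.Exit(1) // fail the pipeline step
	}
}
```

Run it against the binary extracted from the image, passing the scanner's FixedVersion as the minimum; exit status 1 means the binary needs rebuilding with a newer toolchain, and a development toolchain string is reported as an error rather than guessed at.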