prometheus-community / postgres_exporter

A PostgreSQL metric exporter for Prometheus
Apache License 2.0

Require a new Release to resolve vulnerabilities #1034

Open drushtant17 opened 1 month ago

drushtant17 commented 1 month ago

Hi Team, below are the CVEs for which the postgres_exporter image is vulnerable:

1) CVE-2023-48795: vulnerable library golang.org/x/crypto, version v0.14.0
2) CVE-2024-24786: vulnerable library google.golang.org/protobuf, version v1.31.0
3) CVE-2023-45288: vulnerable library golang.org/x/net, version v0.17.0

We can see upgraded versions of these libraries in the master branch, so we require a release. The last version was released on 6 November 2023; since then there have been no updates. Can someone please take a look at it? Please consider a JIRA from our end: https://jira.cloudera.com/browse/DSE-36793

JohnFrampton commented 3 days ago

Please also update to a golang version without CVE https://nvd.nist.gov/vuln/detail/CVE-2024-24790 or https://github.com/golang/go/issues/67680
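The complaint in this thread is that the released image still links dependency versions that master has already moved past, plus a toolchain with its own CVE. An added example, not code from postgres_exporter or from either commenter: a small Go program that parses the text printed by `go version -m <binary>` (the embedded build info, which is what a scanner reads from the image) and reports which of the four advisories above still apply. The fixed versions in the advisory table are the ones published upstream for these CVEs; the sample `go version -m` output is constructed with placeholder module hashes, and the toolchain version go1.21.6 is an assumption, since the issue does not say which Go built the image.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Advisory is one known-vulnerable dependency: module path (or "go" for the
// toolchain) and the first fixed version on each affected release line, ascending.
type Advisory struct {
	CVE   string
	Path  string
	Fixed []string
}

// Fixed versions as published in the upstream Go vulnerability database; re-check
// against https://pkg.go.dev/vuln before relying on this list.
var Advisories = []Advisory{
	{"CVE-2023-48795", "golang.org/x/crypto", []string{"v0.17.0"}},
	{"CVE-2024-24786", "google.golang.org/protobuf", []string{"v1.33.0"}},
	{"CVE-2023-45288", "golang.org/x/net", []string{"v0.23.0"}},
	{"CVE-2024-24790", "go", []string{"go1.21.11", "go1.22.4"}},
}

// parseVersion turns "v0.14.0", "go1.21.6" or a pseudo-version such as
// "v0.0.0-20231025-abcdef" into a numeric triple plus a pre-release flag.
func parseVersion(s string) (nums [3]int, pre bool, ok bool) {
	s = strings.TrimPrefix(strings.TrimPrefix(s, "go"), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		pre, s = true, s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) > 3 {
		return nums, pre, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return nums, pre, false // "(devel)", "go1.22rc1" etc. are treated as unknown
		}
		nums[i] = n
	}
	return nums, pre, true
}

// Less reports whether version a sorts before b; unparseable input never compares as less.
func Less(a, b string) bool {
	av, apre, aok := parseVersion(a)
	bv, bpre, bok := parseVersion(b)
	if !aok || !bok {
		return false
	}
	for i := 0; i < 3; i++ {
		if av[i] != bv[i] {
			return av[i] < bv[i]
		}
	}
	return apre && !bpre // same triple: a pseudo/pre-release precedes the release
}

// Vulnerable reports whether observed predates the fix on its own major.minor line.
// With no matching line, the lowest fix applies: an older line is still vulnerable,
// a newer line is not.
func Vulnerable(observed string, fixed []string) bool {
	ov, _, ok := parseVersion(observed)
	if !ok || len(fixed) == 0 {
		return false
	}
	for _, f := range fixed {
		if fv, _, fok := parseVersion(f); fok && fv[0] == ov[0] && fv[1] == ov[1] {
			return Less(observed, f)
		}
	}
	return Less(observed, fixed[0])
}

// BuildInfo holds the parts of `go version -m` output that matter here.
type BuildInfo struct {
	GoVersion string
	Deps      map[string]string // module path -> version actually linked in
}

// ParseGoVersionM parses `go version -m` text: a "<binary>: goX.Y.Z" header, then
// tab-indented "dep\t<path>\t<version>\t<hash>" lines, optionally followed by a
// "=>\t<path>\t<version>\t<hash>" line naming the replacement that was linked.
func ParseGoVersionM(text string) BuildInfo {
	bi := BuildInfo{Deps: map[string]string{}}
	lastPath := ""
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, "\t") {
			if i := strings.LastIndex(line, ": "); i >= 0 {
				bi.GoVersion = strings.TrimSpace(line[i+2:])
			}
			continue
		}
		f := strings.Split(strings.TrimPrefix(line, "\t"), "\t")
		switch {
		case len(f) >= 3 && (f[0] == "dep" || f[0] == "mod"):
			bi.Deps[f[1]] = f[2]
			lastPath = f[1]
		case len(f) >= 3 && f[0] == "=>" && lastPath != "":
			bi.Deps[lastPath] = f[2] // replace directive: the replacement's version was compiled in
		}
	}
	return bi
}

// Finding is one advisory that still applies to the scanned binary.
type Finding struct{ CVE, Path, Observed, Fixed string }

func (f Finding) String() string {
	return fmt.Sprintf("%s: %s %s (fixed in %s)", f.CVE, f.Path, f.Observed, f.Fixed)
}

// Scan compares the linked module and toolchain versions against the advisories.
func Scan(bi BuildInfo, advisories []Advisory) []Finding {
	var out []Finding
	for _, a := range advisories {
		observed, present := bi.Deps[a.Path]
		if a.Path == "go" {
			observed, present = bi.GoVersion, bi.GoVersion != ""
		}
		if present && Vulnerable(observed, a.Fixed) {
			out = append(out, Finding{a.CVE, a.Path, observed, strings.Join(a.Fixed, " / ")})
		}
	}
	return out
}

// Constructed sample shaped like `go version -m postgres_exporter` for a binary built
// with the dependency versions named in the issue; hashes are placeholders and the
// go1.21.6 toolchain is assumed.
const SampleVulnerable = "postgres_exporter: go1.21.6\n" +
	"\tpath\tgithub.com/prometheus-community/postgres_exporter/cmd/postgres_exporter\n" +
	"\tmod\tgithub.com/prometheus-community/postgres_exporter\t(devel)\n" +
	"\tdep\tgolang.org/x/crypto\tv0.14.0\th1:placeholder\n" +
	"\tdep\tgolang.org/x/net\tv0.17.0\th1:placeholder\n" +
	"\tdep\tgoogle.golang.org/protobuf\tv1.31.0\th1:placeholder\n"

// The same binary rebuilt with the fixed versions and a patched toolchain (constructed).
const SamplePatched = "postgres_exporter: go1.22.4\n" +
	"\tdep\tgolang.org/x/crypto\tv0.17.0\th1:placeholder\n" +
	"\tdep\tgolang.org/x/net\tv0.23.0\th1:placeholder\n" +
	"\tdep\tgoogle.golang.org/protobuf\tv1.33.0\th1:placeholder\n"

func main() {
	for _, f := range Scan(ParseGoVersionM(SampleVulnerable), Advisories) {
		fmt.Println(f)
	}
	fmt.Println("findings after rebuild:", len(Scan(ParseGoVersionM(SamplePatched), Advisories)))
}
```

To run it against a real image, extract the binary (`docker cp` or `crane export`) and feed `go version -m ./postgres_exporter` to `ParseGoVersionM`; note that a `=>` replacement line or a `(devel)` module version means the linked code is not the version the `dep` line names, which is why the parser follows replacements and skips unparseable versions rather than guessing. For anything beyond these four CVEs, `govulncheck -mode=binary ./postgres_exporter` does the same comparison against the full Go vulnerability database and also reports whether the vulnerable functions are actually reachable.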