Closed knweiss closed 5 years ago
Given that Alertmanager uses the given library as a client (memberlist), not a server, I don't think this attack applies to us.
I will look into updating this dependency anyways.
Thanks for reporting the issue. For future security vulnerabilities please do not report them publicly, but instead please reach out to the maintainer of the project directly. This gives us more time to mitigate the problem.
Closed by #1738
What did you do?
FYI: I've just tested the Go dependency vulnerability scanner nancy on the alertmanager master branch and it found one issue.
I did not look too closely into this issue myself and don't know if it really is important. I just wanted to let you know.
What did you expect to see?
No known vulnerabilities.
What did you see instead? Under which circumstances?