Open SivaneshLogandurai opened 2 weeks ago
Thanks for reporting.
This should get addressed once https://github.com/pulumi/pulumi-terraform-bridge/pull/2160 gets picked up here.
@VenelinMartinov Can I get an ETA on this ticket?
This should get released this week. Do you have a specific reason you need this? Seems unlikely this actually affects the library. I am not aware of any uses of a reverse proxy here.
It's just that our scans are failing with the CVE.
Describe what happened
Our scanning jobs have identified a new CVE "CVE-2024-24791" in the pulumi-std v1.7.2. This is an issue with the Go standard library net/http.
Sample program
N/A
Log output
Scan result
Affected Resource(s)
No response
Output of
pulumi about
Using pulumi v3.122.0 and pulumi-random v4.16.3
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).