ribbybibby
commented
2 years ago Thanks for this issue! I've bumped the version in 2.4.1 and added dependabot so I'll catch updates more promptly in future.
Closed oparrish2 closed 2 years ago
ribbybibby
commented
2 years ago Thanks for this issue! I've bumped the version in 2.4.1 and added dependabot so I'll catch updates more promptly in future.
ssl_exporter is using 1.11.0 of promhttp which has a DoS CVE. promhttp should be updated to >= 1.11.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819