Open sharanuainapur opened 2 years ago
Thanks for the alert but these CVEs do not apply to this package. This is just a library for parsing and scheduling jobs using that format; it would be up to whoever uses this package to determine appropriate policies for accepting schedules. If we did add a default limit to the number of jobs accepted, I wouldn't know how we could determine a reasonable value to set it to, since this package may be used in many contexts.
Security Vulnerabilities from go.mod:github.com/robfig/cron/v3/3.0.1
Since I am not able to post security vulnerabilities, I have created this as a bug.
We are using the https://github.com/go-co-op/gocron library. Since it uses the 'go.mod:github.com/robfig/cron/v3/3.0.1' package internally, our client found the security vulnerabilities below.
Please advise me how I can proceed with these.
https://nvd.nist.gov/vuln/detail/CVE-2019-9705
https://nvd.nist.gov/vuln/detail/CVE-2019-9704
https://nvd.nist.gov/vuln/detail/CVE-2017-9525
https://nvd.nist.gov/vuln/detail/CVE-2019-9705
Please find the attachment Security.vulnerabilities (1).docx
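The maintainer's reply leaves the policy for accepting schedules, including any limit on the number of jobs, to the application that uses the library. A caller-side admission check of that kind could look like the following; this is an added example, not code from gocron or robfig/cron, and `Limits`, `Admitter`, the limit values and the assumed five-field or `@` descriptor format are all hypothetical choices.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Limits is a hypothetical caller-side policy; the application picks the values.
type Limits struct {
	MaxJobs    int // total schedules accepted
	MaxSpecLen int // bytes allowed in one schedule expression
}

var (
	ErrTooManyJobs = errors.New("job limit reached")
	ErrSpecTooLong = errors.New("schedule expression too long")
	ErrSpecFields  = errors.New("schedule expression must have 5 fields")
)

// Admitter vets untrusted schedule strings before scheduling (not goroutine-safe).
type Admitter struct {
	Limits Limits
	count  int
}

// Admit returns nil and counts the job if spec passes the policy.
func (a *Admitter) Admit(spec string) error {
	if len(spec) > a.Limits.MaxSpecLen {
		return ErrSpecTooLong
	}
	// Assumed format: 5 space-separated fields, or an "@" descriptor.
	if !strings.HasPrefix(spec, "@") && len(strings.Fields(spec)) != 5 {
		return ErrSpecFields
	}
	if a.count >= a.Limits.MaxJobs {
		return ErrTooManyJobs
	}
	a.count++
	return nil
}

func main() {
	a := &Admitter{Limits: Limits{MaxJobs: 2, MaxSpecLen: 64}}
	// Constructed sample input standing in for user-submitted schedules.
	for _, s := range []string{"*/5 * * * *", "@hourly", "0 0 * * *", "* * *"} {
		fmt.Printf("%q -> %v\n", s, a.Admit(s))
	}
}
```

Only a schedule for which `Admit` returns nil would then be passed on to the scheduler.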