sirupsen / logrus

Structured, pluggable logging for Go.
MIT License
24.3k stars 2.26k forks

CVE reported on logrus #1391

Closed PeterTeunissen closed 11 months ago

PeterTeunissen commented 1 year ago

A third-party tool we use has a dependency on sirupsen/logrus, and our container scan tool is reporting a medium CVE on this package:

```
+------------------+----------+------+-----------------------------+---------+--------+-----------+--------------------------------------------------+
| CVE              | SEVERITY | CVSS | PACKAGE                     | VERSION | STATUS | PUBLISHED | DESCRIPTION                                      |
+------------------+----------+------+-----------------------------+---------+--------+-----------+--------------------------------------------------+
| PRISMA-2023-0056 | medium   | 6.20 | github.com/sirupsen/logrus  | v1.9.0  | open   | 56 days   | The github.com/sirupsen/logrus module of all     |
|                  |          |      |                             |         |        |           | versions is vulnerable to denial of service.     |
|                  |          |      |                             |         |        |           | Logging more than 64kb of data in a single entry |
|                  |          |      |                             |         |        |           | without new...                                   |
+------------------+----------+------+-----------------------------+---------+--------+-----------+--------------------------------------------------+
```

Are there plans to address this?

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 11 months ago

This issue was closed because it has been inactive for 14 days since being marked as stale.