A third-party tool we use has a dependency on sirupsen/logrus, and our container scan tool is reporting a medium CVE on this package:
+------------------+----------+------+-----------------------------+---------+--------+-----------+--------------------------------------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DESCRIPTION |
+------------------+----------+------+-----------------------------+---------+--------+-----------+--------------------------------------------------+
| PRISMA-2023-0056 | medium | 6.20 | github.com/sirupsen/logrus | v1.9.0 | open | 56 days | The github.com/sirupsen/logrus module of all |
| | | | | | | | versions is vulnerable to denial of service. |
| | | | | | | | Logging more than 64kb of data in a single entry |
| | | | | | | | without new... |
+------------------+----------+------+-----------------------------+---------+--------+-----------+--------------------------------------------------+
Are there plans to address this?