sirupsen / logrus

Structured, pluggable logging for Go.
MIT License

Logrus potential DOS - Please open a CVE for issue #1370 to encourage users to patch #1400

Closed vsabella closed 1 year ago

vsabella commented 1 year ago

Team,

Issue #1370 was identified by private vulnerability databases, for example Twistlock/Prismacloud (PRISMA-2023-0056). However, to get most open-source projects to update to the fixed version (v1.9.3), they require an actual CVE. Would you consider opening an actual CVE against your <= 1.9.2 releases?

cb-axon commented 1 year ago

Just so that you are aware, you can easily request/get CVEs through GitHub by following these instructions: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory

https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/publishing-a-repository-security-advisory#requesting-a-cve-identification-number-optional

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 14 days since being marked as stale.