sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Apache License 2.0

[DepShield] (CVSS 7.5) Vulnerability due to usage of golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3 #202

Closed sonatype-depshield[bot] closed 3 years ago

sonatype-depshield[bot] commented 3 years ago

Vulnerabilities

DepShield reports that this application's usage of golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3 results in the following vulnerability(s):


Occurrences

golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3 is a transitive dependency introduced by the following direct dependency(s):

github.com/spf13:afero:1.3.4
└─ golang.org/x:crypto:0.0.0-20190820162420-60c769a6c586
   └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
└─ github.com/pkg:sftp:1.10.1
   └─ golang.org/x:crypto:0.0.0-20190820162420-60c769a6c586
      └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3

github.com/spf13:viper:1.7.1
└─ github.com/bketelsen:crypt:0.0.3-0.20200106085610-5cbc8cc4026c
   └─ cloud.google.com/go:firestore:1.1.0
      └─ cloud.google.com:go:0.46.3
         └─ honnef.co/go:tools:0.0.1-2019.2.3
            └─ golang.org/x:mod:0.0.0-20190513183733-4bf6d317e70e
               └─ golang.org/x:crypto:0.0.0-20190510104115-cbcb75029529
                  └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
         └─ golang.org/x:exp:0.0.0-20190829153037-c13cbed26979
            └─ golang.org/x:mod:0.1.0
               └─ golang.org/x:crypto:0.0.0-20190510104115-cbcb75029529
                  └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
         └─ cloud.google.com/go:pubsub:1.0.1
            └─ cloud.google.com:go:0.45.1
               └─ cloud.google.com/go:datastore:1.0.0
                  └─ google.golang.org:appengine:1.6.1
                     └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                        └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                  └─ cloud.google.com:go:0.44.1
                     └─ google.golang.org:appengine:1.6.1
                        └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                           └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
               └─ cloud.google.com/go:bigquery:1.0.1
                  └─ cloud.google.com:go:0.44.2
                     └─ cloud.google.com/go:datastore:1.0.0
                        └─ google.golang.org:appengine:1.6.1
                           └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                              └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                        └─ cloud.google.com:go:0.44.1
                           └─ google.golang.org:appengine:1.6.1
                              └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                                 └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
         └─ cloud.google.com/go:datastore:1.0.0
            └─ google.golang.org:appengine:1.6.1
               └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                  └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
            └─ cloud.google.com:go:0.44.1
               └─ google.golang.org:appengine:1.6.1
                  └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                     └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
         └─ cloud.google.com/go:bigquery:1.0.1
            └─ cloud.google.com:go:0.44.2
               └─ cloud.google.com/go:datastore:1.0.0
                  └─ google.golang.org:appengine:1.6.1
                     └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                        └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                  └─ cloud.google.com:go:0.44.1
                     └─ google.golang.org:appengine:1.6.1
                        └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                           └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
      └─ golang.org/x:exp:0.0.0-20191030013958-a1ab85dbe136
         └─ golang.org/x:mod:0.1.0
            └─ golang.org/x:crypto:0.0.0-20190510104115-cbcb75029529
               └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
      └─ cloud.google.com/go:storage:1.0.0
         └─ cloud.google.com:go:0.46.3
            └─ honnef.co/go:tools:0.0.1-2019.2.3
               └─ golang.org/x:mod:0.0.0-20190513183733-4bf6d317e70e
                  └─ golang.org/x:crypto:0.0.0-20190510104115-cbcb75029529
                     └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
            └─ golang.org/x:exp:0.0.0-20190829153037-c13cbed26979
               └─ golang.org/x:mod:0.1.0
                  └─ golang.org/x:crypto:0.0.0-20190510104115-cbcb75029529
                     └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
            └─ cloud.google.com/go:pubsub:1.0.1
               └─ cloud.google.com:go:0.45.1
                  └─ cloud.google.com/go:datastore:1.0.0
                     └─ google.golang.org:appengine:1.6.1
                        └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                           └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                     └─ cloud.google.com:go:0.44.1
                        └─ google.golang.org:appengine:1.6.1
                           └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                              └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                  └─ cloud.google.com/go:bigquery:1.0.1
                     └─ cloud.google.com:go:0.44.2
                        └─ cloud.google.com/go:datastore:1.0.0
                           └─ google.golang.org:appengine:1.6.1
                              └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                                 └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                           └─ cloud.google.com:go:0.44.1
                              └─ google.golang.org:appengine:1.6.1
                                 └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                                    └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
            └─ cloud.google.com/go:datastore:1.0.0
               └─ google.golang.org:appengine:1.6.1
                  └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                     └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
               └─ cloud.google.com:go:0.44.1
                  └─ google.golang.org:appengine:1.6.1
                     └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                        └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
            └─ cloud.google.com/go:bigquery:1.0.1
               └─ cloud.google.com:go:0.44.2
                  └─ cloud.google.com/go:datastore:1.0.0
                     └─ google.golang.org:appengine:1.6.1
                        └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                           └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
                     └─ cloud.google.com:go:0.44.1
                        └─ google.golang.org:appengine:1.6.1
                           └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
                              └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3
   └─ golang.org/x:crypto:0.0.0-20190605123033-f99c8df09eb5
      └─ golang.org/x:net:0.0.0-20190404232315-eb5bcb51f2a3

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

bhamail commented 3 years ago

False positive. We are actually using a newer version of x/net (0.0.0-20190620200207-3b0461eec859), not version 0.0.0-20190404232315-eb5bcb51f2a3

go list -m all | grep 'x/net'
golang.org/x/net v0.0.0-20190620200207-3b0461eec859