tabacws-sandbox / mattermost-golang

https://github.com/mattermost/mattermost-server

golang.org/x/image-v0.0.0-20211028202545-6944b10bf410: 1 vulnerability (highest severity is: 6.5) #299

Open mend-for-github-com[bot] opened 4 months ago

mend-for-github-com[bot] commented 4 months ago
Vulnerable Library - golang.org/x/image-v0.0.0-20211028202545-6944b10bf410

Library home page: https://proxy.golang.org/golang.org/x/image/@v/v0.0.0-20211028202545-6944b10bf410.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Found in HEAD commit: fd9fc1baf3cd86beecdfe1d4b962b3e768b4ff92

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (golang.org/x/image-v0.0.0 version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-24792 | Medium | 6.5 | golang.org/x/image-v0.0.0-20211028202545-6944b10bf410 | Direct | github.com/golang/image-v0.18.0 | Yes |

**In some cases, a remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

#### CVE-2024-24792

### Vulnerable Library - golang.org/x/image-v0.0.0-20211028202545-6944b10bf410

Library home page: https://proxy.golang.org/golang.org/x/image/@v/v0.0.0-20211028202545-6944b10bf410.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

- :x: **golang.org/x/image-v0.0.0-20211028202545-6944b10bf410** (Vulnerable Library)

Found in HEAD commit: fd9fc1baf3cd86beecdfe1d4b962b3e768b4ff92

Found in base branch: master

### Vulnerability Details

Parsing a corrupt or malicious image with invalid color indices can cause a panic.

Publish Date: 2024-06-27

URL: CVE-2024-24792

### CVSS 3 Score Details (6.5)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS 3 scores, see the CVSS v3 specification at https://www.first.org/cvss/specification-document.

### Suggested Fix

Type: Upgrade version

Origin: https://pkg.go.dev/vuln/GO-2024-2937

Release Date: 2024-01-31

Fix Resolution: github.com/golang/image-v0.18.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.