Open mend-for-github-com[bot] opened 4 months ago
Vulnerable Library - golang.org/x/image-v0.0.0-20211028202545-6944b10bf410
Library home page: https://proxy.golang.org/golang.org/x/image/@v/v0.0.0-20211028202545-6944b10bf410.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Found in HEAD commit: fd9fc1baf3cd86beecdfe1d4b962b3e768b4ff92
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-24792
### Vulnerable Library - golang.org/x/image-v0.0.0-20211028202545-6944b10bf410
Library home page: https://proxy.golang.org/golang.org/x/image/@v/v0.0.0-20211028202545-6944b10bf410.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
- :x: **golang.org/x/image-v0.0.0-20211028202545-6944b10bf410** (Vulnerable Library)
Found in HEAD commit: fd9fc1baf3cd86beecdfe1d4b962b3e768b4ff92
Found in base branch: master
### Vulnerability Details
Parsing a corrupt or malicious image with invalid color indices can cause a panic.
Publish Date: 2024-06-27
URL: CVE-2024-24792
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://pkg.go.dev/vuln/GO-2024-2937
Release Date: 2024-01-31
Fix Resolution: github.com/golang/image-v0.18.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.