tenortim / k8s_isi_provisioner

Kubernetes external storage provisioner for Dell Isilon
Apache License 2.0

WS-2019-0030 (Medium) detected in github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38, github.com/akutz/gournal-v0.5.0 - autoclosed #7

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 4 years ago

WS-2019-0030 - Medium Severity Vulnerability

Vulnerable Libraries - github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38, github.com/akutz/gournal-v0.5.0

github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38

Isilon package that provides API bindings for Go

Dependency Hierarchy:
- :x: **github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38** (Vulnerable Library)

github.com/akutz/gournal-v0.5.0

Gournal (pronounced "Journal") is a Context-aware logging facade for Go.

Dependency Hierarchy:
- github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38 (Root Library)
  - github.com/tenortim/goisilon/api-3abc0c276e3b6d1d29beea4cad85983a164b5c38
    - :x: **github.com/akutz/gournal-v0.5.0** (Vulnerable Library)

Found in HEAD commit: c57fd737be5e61ee40d7d1de40e8fa0e91e67a6d

Vulnerability Details

Commit b7391e95 fixes a vulnerability in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages that affects large message sizes or high counter values.

Publish Date: 2019-03-24

URL: WS-2019-0030

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://go-review.googlesource.com/c/crypto/+/168406/

Release Date: 2019-03-24

Fix Resolution: commit b7391e95e576cacdcdd422573063bc057239113d



mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.