Closed mend-bolt-for-github[bot] closed 2 years ago
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
WS-2019-0030 - Medium Severity Vulnerability
Vulnerable Libraries - github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38, github.com/akutz/gournal-v0.5.0
github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38
Isilon package that provides API bindings for Go
Dependency Hierarchy: - :x: **github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38** (Vulnerable Library)
github.com/akutz/gournal-v0.5.0
Gournal (pronounced "Journal") is a Context-aware logging facade for Go.
Dependency Hierarchy: - github.com/tenortim/goisilon-3abc0c276e3b6d1d29beea4cad85983a164b5c38 (Root Library) - github.com/tenortim/goisilon/api-3abc0c276e3b6d1d29beea4cad85983a164b5c38 - :x: **github.com/akutz/gournal-v0.5.0** (Vulnerable Library)
Found in HEAD commit: c57fd737be5e61ee40d7d1de40e8fa0e91e67a6d
Vulnerability Details
Commit b7391e95 fixes a vulnerability in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages that affects large message sizes or high counter values.
Publish Date: 2019-03-24
URL: WS-2019-0030
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://go-review.googlesource.com/c/crypto/+/168406/
Release Date: 2019-03-24
Fix Resolution: commit b7391e95e576cacdcdd422573063bc057239113d
Step up your Open Source Security Game with WhiteSource here