Critical Vulnerabilities in timescale libraries

[udesaiitrs]

Critical CVEs Found in Timescaledb-HA docker imaage

Description

We have identified several critical Common Vulnerabilities and Exposures (CVEs) in [Component Name] used in our project. These vulnerabilities pose significant security risks and need to be addressed urgently.

Affected Components

• timescaledb-tune
• timescaledb-parallel-copy
• golang.org/x/crypto (v0.0.0-20210711020723-a769d52b0f97)
  • GHSA-gwc9-m7rh-j2ww (High)
  • GHSA-8c26-wmh5-6g9v (High)
• golang.org/x/text (v0.3.7)
  • GHSA-69ch-w2m2-3vjp (High)
• stdlib / go1.19.1

See the attached pdf with the full list of scan output. Tool used was grype.

We request immediate attention to this issue due to the critical nature of these vulnerabilities.

pg14.12-ts2.15.2.pdf