search

treasure-data / omnibus-td-agent

td-agent (Fluentd) Packaging Scripts
https://docs.treasuredata.com/articles/td-agent-changelog
Apache License 2.0
82 stars 131 forks source link

Vulnerablity issue CVE-2020-10663 #266

Closed mayankmohan11 closed 4 years ago

mayankmohan11 commented 4 years ago

hi,

Hi, One vulnerability is reported on json-2.0.4 - CVE-2020-10663 So what is the recommendation? Is this vulnerability really applicable?

repeatedly commented 4 years ago

No problem because latest td-agent 3/4 doesn't have this problem.

mayankmohan11 commented 4 years ago

we are using td-agent 3.8.0

repeatedly commented 4 years ago

You know td-agent 3.8.0 uses ruby 2.4.10 and ruby 2.4.10 doesn't have this problem. Maybe, your security scanner has a problem. https://github.com/treasure-data/omnibus-td-agent/issues/265 is also false alert.