webdevops / azure-resourcemanager-exporter

Prometheus exporter for Azure ResourceManager information (infos, quotas, limits, usages, public IPs, portscanner)
MIT License

Latest azure-resource-manager image is vulnerable (TAG 24.3.0) - GHSA-8r3f-844c-mc37 #109

Open atiasadir opened 2 months ago

atiasadir commented 2 months ago

Hey Everyone,

Currently, tag 24.3.0 is vulnerable due to this package: google.golang.org/protobuf v1.32.0

protobuf v1.32.0 : This release contains commit https://github.com/protocolbuffers/protobuf-go/commit/bfcd6476a38e41247d6bb43dc8f00b23ec9fffc2, which fixes a denial of service vulnerability by preventing a stack overflow through a default maximum recursion limit. See https://github.com/golang/protobuf/issues/1583 and https://github.com/golang/protobuf/issues/1584 for details.

For more info, see here -

BR, Adir Atias.

atiasadir commented 2 months ago

Hey @mblaschke

I added a pull request to deal with this issue #110

LMK if I can help more