
chore: bump x/net to 0.33.0 to mitigate CVE-2024-45338 #403

Merged
merged 2 commits into from
Dec 20, 2024

Conversation

bcho
Contributor

@bcho bcho commented Dec 20, 2024

Seems like Dependabot is failing to create the auto-bump PR for CVE-2024-45338 at this moment. Creating this PR for bumping this dependency manually. Guard is not affected by this vulnerability.

@bcho bcho requested a review from a team as a code owner December 20, 2024 19:21
@bcho
Contributor Author

bcho commented Dec 20, 2024

Latest scanning result from govulncheck:

Scanning your binary for known vulnerabilities...
Fetching vulnerabilities from the database...
Checking the binary against the vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

Vulnerability #1: GO-2024-2631
    Decompression bomb vulnerability in github.com/go-jose/go-jose
  More info: https://pkg.go.dev/vuln/GO-2024-2631
  Module: gopkg.in/square/go-jose.v2
    Found in: gopkg.in/square/[email protected]
    Fixed in: N/A

=== Module Results ===

Vulnerability #1: GO-2022-0646
    CBC padding oracle issue in AWS S3 Crypto SDK for golang in
    github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0646
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/[email protected]
    Fixed in: N/A

Vulnerability #2: GO-2022-0635
    In-band key negotiation issue in AWS S3 Crypto SDK for golang in
    github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0635
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/[email protected]
    Fixed in: N/A

Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
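An added example, not code from this PR or the Guard project: a small POSIX shell gate that applies the same reading of the govulncheck report as the comment above, failing a CI step only on symbol-level findings (the "Your code is affected by N vulnerabilities" summary) while listing package- and module-level findings as informational. The embedded report is a constructed sample shaped like the one posted here.

```shell
#!/bin/sh
# Constructed sample report in govulncheck's text format (assumption: the
# section headers and summary line keep the shape shown in this PR).
SAMPLE_REPORT='=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

Vulnerability #1: GO-2024-2631
    Decompression bomb vulnerability in github.com/go-jose/go-jose
  Module: gopkg.in/square/go-jose.v2

=== Module Results ===

Vulnerability #1: GO-2022-0646
    CBC padding oracle issue in AWS S3 Crypto SDK for golang
Vulnerability #2: GO-2022-0635
    In-band key negotiation issue in AWS S3 Crypto SDK for golang

Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 2
vulnerabilities in modules you require, but your code does not appear to call
these vulnerabilities.'

# Read a report on stdin; print N from "Your code is affected by N vulnerabilities."
affected_count() {
  sed -n 's/^Your code is affected by \([0-9][0-9]*\) vulnerabilit.*/\1/p' | head -n 1
}

# Read a report on stdin; print the GO-YYYY-NNNN ids listed under the
# section named in $1 (e.g. "Module Results"), in report order.
ids_in_section() {
  awk -v want="=== $1 ===" '
    /^=== .* ===$/ { in_section = ($0 == want); next }
    in_section && /^Vulnerability #[0-9]+: / { print $3 }
  '
}

# gate REPORT: exit 0 when no symbol-level findings, 1 when the binary calls
# vulnerable code, 2 when the summary line is missing. Package- and
# module-level ids are echoed as informational lines, never as failures.
gate() {
  report="$1"
  n=$(printf '%s\n' "$report" | affected_count)
  [ -z "$n" ] && { echo "gate: summary line not found in report" >&2; return 2; }
  for section in "Package Results" "Module Results"; do
    for id in $(printf '%s\n' "$report" | ids_in_section "$section"); do
      echo "info: $id ($section) is present but not reached by your code"
    done
  done
  [ "$n" -eq 0 ]
}
```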

Contributor

@weinong weinong left a comment


LGTM

@weinong weinong merged commit d6cc329 into kubeguard:master Dec 20, 2024
3 checks passed