Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vulnerabilities: GO-2022-0968, GO-2021-0356, GO-2021-0227 #39

Merged
merged 1 commit into from
Dec 25, 2023
Merged

Fix vulnerabilities: GO-2022-0968, GO-2021-0356, GO-2021-0227 #39

merged 1 commit into from
Dec 25, 2023

Conversation

alexandear
Copy link
Owner

@alexandear alexandear commented Dec 25, 2023
edited
Loading

Fixes the following vulnerabilities from govulncheck:

Found 3 vulnerabilities in packages that you import, but there are no call
stacks leading to the use of these vulnerabilities. You may not need to
take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.

Vulnerability #1: GO-2022-0968
    Panic on malformed packets in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2022-0968
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected][211](https://github.com/alexandear/import-gitlab-commits/actions/runs/7322031451/job/19943077450#step:2:224)202192323-5770296d904e

Vulnerability #2: GO-2021-0356
    Denial of service via crafted Signer in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2021-0356
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected][213](https://github.com/alexandear/import-gitlab-commits/actions/runs/7322031451/job/19943077450#step:2:226)623-75b288015ac9
    Fixed in: golang.org/x/[email protected]

Vulnerability #3: GO-2021-0227
    Panic on crafted authentication request message in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2021-0227
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected][216](https://github.com/alexandear/import-gitlab-commits/actions/runs/7322031451/job/19943077450#step:2:229)[223](https://github.com/alexandear/import-gitlab-commits/actions/runs/7322031451/job/19943077450#step:2:236)049-8b5274cf687f

Your code is affected by 1 vulnerability from 1 module.

@alexandear alexandear merged commit dd281b3 into main Dec 25, 2023
4 of 5 checks passed
@alexandear alexandear deleted the fix-GO-2022-0968 branch December 25, 2023 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alexandear