Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Please upgrade goproxy Denial of Service vulnerability #826

Closed
mixeract opened this issue Aug 10, 2023 · 0 comments · Fixed by #832
Closed

Please upgrade goproxy Denial of Service vulnerability #826

mixeract opened this issue Aug 10, 2023 · 0 comments · Fixed by #832

Comments

@mixeract
Copy link

github.com/elazarl/goproxy had fixed an issue with v1.1 that can cause a denial of service.

go mod graph  |grep github.com/elazarl/goproxy
github.com/go-git/go-git/v5@v5.8.1 github.com/elazarl/goproxy@v0.0.0-20221015165544-a0805db90819

The patched version is 0.0.0-20230731152917-f99041a5c027
@svghadi svghadi mentioned this issue Aug 29, 2023
Merged
svghadi added a commit to svghadi/go-git that referenced this issue Aug 29, 2023
@svghadi
*: Bump goproxy dep. Fixes go-git#826
f71a449 
CVE-2023-37788 is patched in goproxy v0.0.0-20230731152917-f99041a5c027

Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
traidare pushed a commit to traidare/go-git that referenced this issue Oct 26, 2024
@svghadi
*: Bump goproxy dep. Fixes go-git#826
e974cec 
CVE-2023-37788 is patched in goproxy v0.0.0-20230731152917-f99041a5c027

Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update goproxy dependency to fix CVE-2023-37788 vulnerability svghadi/go-git
1 participant
@mixeract