Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

x/vulndb: suggestion regarding GO-2022-0578 #3115

Closed
gannett-ggreer opened this issue Sep 4, 2024 · 1 comment
Closed

x/vulndb: suggestion regarding GO-2022-0578 #3115

gannett-ggreer opened this issue Sep 4, 2024 · 1 comment
Assignees
@tatianab
Labels
Suggested Edit

Comments

@gannett-ggreer
Copy link

Report ID

GO-2022-0578

Suggestion/Comment

The GHSA and CVE say this vulnerability was only from v1.8.0 to v1.8.4 but govulncheck is applying this to every version, even the current one. Commit 89edd0b had it correct in data/reports/GO-2022-0578.yaml but incorrect in data/osv/GO-2022-0578.json.

(Additionally, we're only using this Vault package as a client and not as a server with the Google Secrets engine so it triggering at all is unfortunate.)
@tatianab tatianab self-assigned this Sep 4, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/610798 mentions this issue: data/reports: update GO-2022-0578

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@tatianab tatianab

Labels
Suggested Edit
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gannett-ggreer @tatianab @gopherbot