New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Sysdig found high severity vulnerabilities in the dependencies of release 1.32.0 #711

Closed

hcmf-wice opened this issue Nov 14, 2023 · 1 comment

hcmf-wice commented Nov 14, 2023

Describe the bug
Not exactly a bug, but running a Sysdig scan on release 1.32.0 found these vulnerabilities:

CVE-2023-39325 - fix: golang.org/x/net v0.17.0+
CVE-2023-44487 - fix: golang.org/x/net v0.17.0+
CVE-2023-44487 - fix: google.golang.org/grpc v1.56.3+
CVE-2023-3978 - fix: golang.org/x/net v0.17.0+

To Reproduce
Steps to reproduce the behavior:
Run a sysdig scan.

Expected behavior
No high severity vulnerabilities.

Operating System (please complete the following information):

OS: Linux
CPU: amd64
Version: ?
Container: Docker

Owner

tidwall commented Nov 20, 2023 •

edited

Loading

Fixed in v1.32.1. Thanks!

tidwall closed this as completed

# for free to join this conversation on GitHub. Already have an account? # to comment