Terraform goutils library critical vulnerability CVE-2021-4238 #32606
Comments
Same error here!
Related: #32188
Thanks for the report! Per the devs' initial review, the CVE does not affect Terraform's usage of the library, so it is effectively a false positive. That said, we will endeavor to upgrade the library at the earliest convenience. Thanks for bringing it to our attention.
This will be fixed in the next 1.3 patch release.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Terraform Version
Terraform Configuration Files
Debug Output
Expected Behavior
Terraform binary file passed vulnerability scans
Actual Behavior
Multiple vulnerability scanners (for example Trivy, Grype) are finding a critical vulnerability (CVE-2021-4238) in the Masterminds/goutils v1.1.0 library used by the latest Terraform. This is blocking our build pipelines (we are building Docker images with Terraform inside).
Steps to Reproduce
Additional Context
This can be easily fixed by updating the github.com/Masterminds/goutils library to v1.1.1.
References
No response