New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Referenced library at go.sum: CVE-2020-26160 #2307
Comments
This has been fixed quite a while ago. |
I think this is a transient dependency, by issuing a
|
It has, yes. I myself have contributed one of the necessary fixes in kubernetes/kubernetes#95692 and another was kubernetes/kubernetes#102755. Note that neither remove the respective dependency from |
Yes, the code should not be used here, but a vulnerability analysis might flag all sources importing it. Thanks for clarifying. |
FWIW, neither |
There is an indirect library referenced at
go.sum
that has been flagged at CVE-2020-26160pkg/go.sum
Line 136 in a00ba48
It should be tracked to find the direct dependencies that use it and upgrade them.
/kind bug
/kind cleanup
The text was updated successfully, but these errors were encountered: