Logrus potential DOS - Please open a CVE for issue #1370 to encourage users to patch #1400

vsabella · 2023-08-23T03:18:19Z

Team,

Issue #1370 was identified by private vulnerability databases for example, Twistlock/Prismacloud (PRISMA-2023-0056)
However to get most open-source projects to update to the fixed version (v1.9.3) they require an actual CVE.
Would you consider opening an actual CVE against your <= 1.9.2 releases?

cb-axon · 2023-08-25T16:56:23Z

Just so that you are aware, you can easily request/get CVEs through GitHub by following these instructions: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory

https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/publishing-a-repository-security-advisory#requesting-a-cve-identification-number-optional

github-actions · 2023-09-25T01:45:17Z

This issue is stale because it has been open for 30 days with no activity.

github-actions · 2023-10-10T01:45:08Z

This issue was closed because it has been inactive for 14 days since being marked as stale.

github-actions bot added the stale label Sep 25, 2023

github-actions bot closed this as completed Oct 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Logrus potential DOS - Please open a CVE for issue #1370 to encourage users to patch #1400

Logrus potential DOS - Please open a CVE for issue #1370 to encourage users to patch #1400

vsabella commented Aug 23, 2023

cb-axon commented Aug 25, 2023

github-actions bot commented Sep 25, 2023

github-actions bot commented Oct 10, 2023

Logrus potential DOS - Please open a CVE for issue #1370 to encourage users to patch #1400

Logrus potential DOS - Please open a CVE for issue #1370 to encourage users to patch #1400

Comments

vsabella commented Aug 23, 2023

cb-axon commented Aug 25, 2023

github-actions bot commented Sep 25, 2023

github-actions bot commented Oct 10, 2023