New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New CVEs Pertaining to Go Version #112

Closed

jtk94 opened this issue Aug 17, 2022 · 1 comment

jtk94 commented Aug 17, 2022 •

edited

Loading

Vulnerability scans using Twistlock are showing the following CVEs, all pertaining to go-1.17.7:

CVE-2022-1705
CVE-2022-1962
CVE-2022-28131
CVE-2022-30580
CVE-2022-30629
CVE-2022-30630
CVE-2022-30631
CVE-2022-30632
CVE-2022-30633

None of these findings are currently listed in #104. Can you confirm that these CVEs do not apply to builds of gosu?

The text was updated successfully, but these errors were encountered:

tianon mentioned this issue

CVEs that do not apply to gosu #104

Closed

Owner

tianon commented Aug 17, 2022

Thanks, added!

CVE-2022-1705: does not use net/http (#112)
CVE-2022-1962: no deeply nested types (#112)
CVE-2022-28131: does not use encoding/xml (#112)
CVE-2022-30580: does not (could not?) support GOOS=windows (#112)
CVE-2022-30629: does not use crypto/tls (#112)
CVE-2022-30630: does not use file globbing (#112)
CVE-2022-30631: does not use compress/gzip (#112)
CVE-2022-30632: does not use file globbing (#112)
CVE-2022-30633: does not use encoding/xml (#112)

tianon closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment