New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sysdig found high severity vulnerabilities in the dependencies of release 1.32.0 #711

Closed

hcmf-wice opened this issue Nov 14, 2023 · 1 comment

hcmf-wice commented Nov 14, 2023

Describe the bug
Not exactly a bug, but running a Sysdig scan on release 1.32.0 found these vulnerabilities:

CVE-2023-39325 - fix: golang.org/x/net v0.17.0+
CVE-2023-44487 - fix: golang.org/x/net v0.17.0+
CVE-2023-44487 - fix: google.golang.org/grpc v1.56.3+
CVE-2023-3978 - fix: golang.org/x/net v0.17.0+

To Reproduce
Steps to reproduce the behavior:
Run a sysdig scan.

Expected behavior
No high severity vulnerabilities.

Operating System (please complete the following information):

OS: Linux
CPU: amd64
Version: ?
Container: Docker

Owner

tidwall commented Nov 20, 2023 •

edited

Loading

Fixed in v1.32.1. Thanks!

tidwall closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment