[ENHANCEMENTS] Potential security issues #55
Comments
Thanks for the tips. I will be replacing all of the satori/go.uuid with google/uuid instead.
The scan also now shows that x/net 0.11.0 has a vulnerability that could allow for cross-site script attacks: https://scout.docker.com/vulnerabilities/id/CVE-2023-3978?utm_source=hub&utm_medium=ExternalLink. Updating to a newer version (0.13.0+) appears to be the best course of action, as shown in https://pkg.go.dev/golang.org/x/net?tab=versions. I don't think the implications of this one are that worrisome because that would require a weirdly specific case scenario, but I guess having minimal security exploits is a good thing.
Fixed in v2.6.6 (go.mod updated and replaced all satori uuid with google uuid module)
After getting the image scanned in Docker Hub, this critical CVE showed up. It has to do with the satori/go.uuid module that is being used and should be replaced! gofrs/uuid appears to be a safe replacement, but there are plenty of others, so I'll leave this up to you since you are the developer of Zoraxy.