Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Report the use of components with vulnerabilities in vitess #15903

Closed
HouqiyuA opened this issue May 9, 2024 · 2 comments
Closed

Report the use of components with vulnerabilities in vitess #15903

HouqiyuA opened this issue May 9, 2024 · 2 comments
Labels
Needs Triage This issue needs to be correctly labelled and triaged Type: Bug

Comments

@HouqiyuA
Copy link

HouqiyuA commented May 9, 2024

Overview of the Issue

Dear Team Members:
Greetings! Our team is very interested in your project. we performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used into this project.We would like to report this issue to you,so that you can fix and improve it accordingly. I add the details in json file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.

Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.

Qiyu Hou

vitess-main_report.json

Reproduction Steps

None

Binary Version

None

Operating System and Environment details

None

Log Fragments

None
@HouqiyuA HouqiyuA added Needs Triage This issue needs to be correctly labelled and triaged Type: Bug labels May 9, 2024
@dbussink
Copy link
Contributor

dbussink commented May 9, 2024

@HouqiyuA I looked at the json, but it talks only about consul API for a really old version. We're on a way newer one. So I think this is a false positive?

@dbussink
Copy link
Contributor

dbussink commented May 9, 2024

https://nvd.nist.gov/vuln/detail/CVE-2022-29153 is the referenced on in the document.

@dbussink dbussink closed this as completed May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Needs Triage This issue needs to be correctly labelled and triaged Type: Bug
Projects
None yet
Development

No branches or pull requests

2 participants