Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Facing vulnerability with stdlib and google.golang.org/grpc #211

Open
rujutaghanekar opened this issue Jul 25, 2024 · 2 comments
Open

Facing vulnerability with stdlib and google.golang.org/grpc #211

rujutaghanekar opened this issue Jul 25, 2024 · 2 comments

Comments

@rujutaghanekar
Copy link

rujutaghanekar commented Jul 25, 2024
edited
Loading

Facing vulnerability with stdlib package

  • CVE-2024-24791
  • Present in golang 1.22.4 version
  • Fixed in golang 1.22.5 version

Facing vulnerability with google.golang.org/grpc

We use grpc-health-probe in our project.
Our scans are failing because of mentioned vulnerabilities.
Please update package and golang versions.
@ahmetb
Copy link
Collaborator

ahmetb commented Jul 26, 2024

gPRC-go module is already updated to 1.65. And http/1.1 vuln doesn't impact grpc, so it's irrelevant.

@trend-shihyi-wu
Copy link

Currently, we are also using the grpc-health-probe tool in our project, and we encountered a failed security scan due to the mentioned vulnerability.
If possible, we would appreciate an update as soon as possible.
Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ahmetb @rujutaghanekar @trend-shihyi-wu