-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/gravitational/teleport: CVE-2022-36633, GHSA-6xf3-5hp7-xqqg #984
Comments
This does not seem to be importable in the classical sense that vulnerability tools can detect as a dependency. All the places where this module is imported seem to fork this repo. Also, the go.mod file is not following the module naming scheme when it comes to major versions >= 2. For instance: or
|
Change https://go.dev/cl/431196 mentions this issue: |
Fixes #984 Change-Id: Iebe0c3a8765d5a67641cc941fd9b4fe7572f6e72 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/431196 Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Change https://go.dev/cl/592774 mentions this issue: |
In GitHub Security Advisory GHSA-6xf3-5hp7-xqqg, there is a vulnerability in the following Go packages or modules:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: