
Update google/gnxi dependency #14202

Closed
pkthapa opened this issue Oct 27, 2023 · 2 comments · Fixed by #14201
Labels
dependencies Pull requests that update a dependency file

Comments

@pkthapa
Contributor

pkthapa commented Oct 27, 2023

Please direct all support questions to slack or the forums. Thank you.

Docker is a software container platform which is used to run applications side by side within isolated containers. There exists a vulnerability due to the unprotected TCP socket where an attacker can create a Docker container with read and write permissions on the host server enabling them to edit files owned by root.

Impacted version: https://github.com/moby/moby/tree/v1.13.1

Reported by Blackduck scan.
Issue reference: google/gnxi#356

@pkthapa pkthapa added the support Telegraf questions, may be directed to community site or slack label Oct 27, 2023
@telegraf-tiger
Contributor

Hello! I recommend posting this question in our Community Slack or Community Forums; we have a lot of talented community members there who could help answer your question more quickly. You can also learn more about Telegraf by enrolling at InfluxDB University for free!

Heads up, this issue will be automatically closed after 7 days of inactivity. Thank you!

@powersj
Contributor

powersj commented Oct 27, 2023

Hi,

I would really appreciate next time if you would use the security reporting method defined in the repo security policy. Additionally, it would be very helpful if you provided a link to the actual CVE and not only the output from a scanner.

> There exists a vulnerability due to the unprotected TCP socket where an attacker can create a Docker container with read and write permissions on the host server enabling them to edit files owned by root.

Telegraf is not used to run, create, or delete containers.

Telegraf references github.com/docker/docker still, which is on version v24.0.6+incompatible, much later than version v1.13.1.

You mention the dependency google/gnxi, which did appear to be using this older module until yesterday. However, that dependency is used in our gnmi input, which is not involved in docker containers either.

I will merge your PR as an update to google/gnxi dependency, once you update your PR.

@powersj powersj added dependencies Pull requests that update a dependency file and removed support Telegraf questions, may be directed to community site or slack labels Oct 27, 2023
@powersj powersj changed the title Security risk due to unprotected TCP socket. Update google/gnxi dependency Oct 27, 2023
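The triage above turns on a point that scanners working from each dependency's own go.mod routinely miss: a Go build does not use the version a transitive dependency declares, it uses the highest version required anywhere in the module graph (minimal version selection). The program below is an added example, not code from Telegraf, google/gnxi or either commenter. It reads `go mod graph`-style lines (the sample graph is constructed for illustration, and the gnxi pseudo-version in it is a zero placeholder, not a real commit), reports every declared requirement on a module, computes the version the build actually selects, and checks that selection against the version a scanner flagged as impacted.

```go
// Added example (not Telegraf or google/gnxi code): given `go mod graph`
// output, show which version of a module minimal version selection builds
// with, versus the versions individual dependencies declare.
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of `go mod graph` output: "requirer required@version".
// The gnxi pseudo-version is a zero placeholder, not a real commit.
const sampleGraph = `github.com/influxdata/telegraf github.com/docker/docker@v24.0.6+incompatible
github.com/influxdata/telegraf github.com/google/gnxi@v0.0.0-00010101000000-000000000000
github.com/google/gnxi@v0.0.0-00010101000000-000000000000 github.com/docker/docker@v1.13.1`

// requirement records that module "from" requires module "to" at "version".
type requirement struct {
	from, to, version string
}

// parseGraph turns `go mod graph` lines into requirements. The requirer may
// itself carry an "@version" suffix, which is kept as part of its name.
func parseGraph(text string) []requirement {
	var reqs []requirement
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		fields := strings.Fields(line)
		if len(fields) != 2 {
			continue // blank or malformed line
		}
		mod, ver, ok := strings.Cut(fields[1], "@")
		if !ok {
			continue
		}
		reqs = append(reqs, requirement{from: fields[0], to: mod, version: ver})
	}
	return reqs
}

// versionCore extracts major.minor.patch from a Go module version, dropping
// the "v" prefix, build metadata ("+incompatible") and any pre-release or
// pseudo-version suffix; prerelease reports whether such a suffix was present.
func versionCore(v string) (nums [3]int, prerelease bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 {
		v = v[:i]
	}
	if i := strings.Index(v, "-"); i >= 0 {
		prerelease = true
		v = v[:i]
	}
	for i, part := range strings.SplitN(v, ".", 3) {
		n, _ := strconv.Atoi(part) // non-numeric parts count as 0
		nums[i] = n
	}
	return nums, prerelease
}

// compareVersions orders two module versions: negative if a < b, zero if
// equal, positive if a > b. Build metadata is ignored; a release sorts above
// a pre-release of the same core; two pre-releases compare lexically, which
// matches the timestamp ordering of Go pseudo-versions.
func compareVersions(a, b string) int {
	ca, pa := versionCore(a)
	cb, pb := versionCore(b)
	for i := 0; i < 3; i++ {
		if ca[i] != cb[i] {
			return ca[i] - cb[i]
		}
	}
	switch {
	case pa && !pb:
		return -1
	case !pa && pb:
		return 1
	case pa && pb:
		return strings.Compare(a, b)
	}
	return 0
}

// selectedVersion applies the minimal-version-selection rule: the build uses
// the highest version any module in the graph requires. It returns that
// version together with every declared requirement on the module.
func selectedVersion(reqs []requirement, module string) (string, []requirement) {
	var declared []requirement
	selected := ""
	for _, r := range reqs {
		if r.to != module {
			continue
		}
		declared = append(declared, r)
		if selected == "" || compareVersions(r.version, selected) > 0 {
			selected = r.version
		}
	}
	return selected, declared
}

// atOrBelow reports whether the version actually built is still at or below
// the version a scanner flagged, i.e. whether the finding applies to the build.
func atOrBelow(reqs []requirement, module, flagged string) bool {
	selected, _ := selectedVersion(reqs, module)
	return selected == "" || compareVersions(selected, flagged) <= 0
}

func main() {
	reqs := parseGraph(sampleGraph)
	selected, declared := selectedVersion(reqs, "github.com/docker/docker")
	for _, r := range declared {
		fmt.Printf("%s requires docker/docker %s\n", r.from, r.version)
	}
	fmt.Println("selected by MVS:", selected)
	fmt.Println("build still at or below flagged v1.13.1:",
		atOrBelow(reqs, "github.com/docker/docker", "v1.13.1"))
}
```

Run against a real module, replace `sampleGraph` with the output of `go mod graph` from the repository root. The declared-requirements list shows where an old version enters the graph (here, via the gnxi dependency), which is the line to chase when updating a dependency; the selected version is what a scanner finding should be judged against.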