CVE-2024-0406 Archiver Path Traversal vulnerability #404
Comments
That's only if using 3.5.1, 3.5.2 is good GHSA-rhh4-rh7c-7r5v
But 3.5.2 is not released yet, it is only available in a fork
It is not possible to tell vulncheck that Forgejo is not affected by CVE-2024-0406. Use a mirror of the repository to do that. Refs: mholt/archiver#404
It is not possible to tell vulncheck that Forgejo is not affected by CVE-2024-0406. Use a mirror of the repository to do that. Refs: mholt/archiver#404 (cherry picked from commit 3bfec27) Conflicts: go.sum trivial context conflict
@mholt Any chance to publish a
@mholt I am also looking for the fix of this CVE. Any chance we are going to publish
I'd also like to see a release of this. Our build is failing with
@mholt Just checking in again to know if you plan to release the CVE-free version soon.
@mholt Just rechecking if we will get CVE-free version any time soon?
https://pkg.go.dev/vuln/GO-2024-2698 was published today and makes https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck fail.