CVE-2022-29526 - golang.org/x/sys #15
Comments
Hi, I've experienced the same when scanning a Docker image that was built using webdevops/php-nginx:8.2 in AWS Inspector. The scan shows that the vulnerability CVE-2022-29526 exists on /usr/local/bin/go-replace. It looks like go-replace's dependency github.com/jessevdk/go-flags, which uses the golang.org/x/sys package, hasn't updated its dependencies.
Hi, it seems to be in go.mod but is marked as indirect. Maybe I should open an issue in go-flags to update the sys package dependencies? EDIT: An issue has already been opened in the package, and the recommendation seems to be to use another fork package: go-flags-fork, with golang.org/x/sys v0.10.0 as a dependency.
No news, last commit / release a year ago. Dead project?
Hello,
When scanning a Docker image from webdevops with any inspector (e.g. AWS Inspector), it only has one CVE remaining in the image.
CVE-2022-29526 on file path: usr/local/bin/go-replace.
The recommended remediation is:
Upgrade your installed software packages to the proposed fixed in version and release.
Is it possible to upgrade this package to 0.1.0? Currently it is
v0.0.0-20220928140112-f11e5e49a4ec
Regards.