sentry-go
Security vulnerabilities report
Summary
On latest master, nancy found 4 vulnerable dependencies with 5 high to critical CVEs.
- pkg:golang/github.com/kataras/iris/[email protected] : CVE-2021-23772 ( CVSS Score : 8.8/10 (High) )
- pkg:golang/github.com/microcosm-cc/[email protected] : CVE-2021-42576 ( CVSS Score : 9.8/10 (Critical) )
- pkg:golang/github.com/nats-io/[email protected] : CVE-2020-26892 ( CVSS Score : 9.8/10 (Critical) )
- pkg:golang/github.com/nats-io/[email protected] : CVE-2021-3127 ( CVSS Score : 7.5/10 (High) )
- pkg:golang/github.com/valyala/[email protected] : CVE-2022-21221 ( CVSS Score : 7.5/10 (High) )
Steps To Reproduce
$ git checkout master
$ CGO_ENABLED=0 go list -json -m all | nancy sleuth --skip-update-check --quiet -x /dev/null
...
5 Vulnerable Packages
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Summary ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┫
┃ Audited Dependencies ┃ 129 ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━┫
┃ Vulnerable Dependencies ┃ 5 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━┛
Expected Behavior
Zero security vulnerability found.
$ CGO_ENABLED=0 go list -json -m all | nancy sleuth --skip-update-check --quiet -x /dev/null
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Summary ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┫
┃ Audited Dependencies ┃ 136 ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━┫
┃ Vulnerable Dependencies ┃ 0 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━┛
Environment
- Go version: 1.19
- Nancy version: 1.0.37-1
- sentry-go version: 26ea60338007cb88445870a06353fb79df9d8338
Additional context
This was already reported in multiple issues: #423 #438 #445
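
The findings above are keyed by `pkg:golang/<module path>@<version>` coordinates built from the `go list -json -m all` stream that the reproduction step pipes into the scanner. The following is an added example, not code from nancy or sentry-go, that derives such coordinates from that stream; the `example.com` modules are constructed sample data, and following `Replace` entries is this example's assumption about what should be audited, not a statement of nancy's behavior.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// module holds the fields of `go list -json -m all` output used below.
type module struct {
	Path, Version string
	Main          bool
	Replace       *module
}

// Constructed sample, one object per line (the real command pretty-prints each object).
const sample = `{"Path":"example.com/app","Main":true}
{"Path":"example.com/lib","Version":"v1.2.0","Indirect":true}
{"Path":"example.com/old","Version":"v0.1.0","Replace":{"Path":"example.com/fork","Version":"v0.1.1"}}
{"Path":"example.com/local","Version":"v0.3.0","Replace":{"Path":"../local"}}`

// purls decodes the stream of concatenated JSON objects (it is not a JSON array)
// and returns one pkg:golang coordinate per versioned module.
func purls(r io.Reader) ([]string, error) {
	var out []string
	dec := json.NewDecoder(r)
	for {
		var m module
		if err := dec.Decode(&m); errors.Is(err, io.EOF) {
			return out, nil
		} else if err != nil {
			return nil, err // truncated or malformed input must not pass as "clean"
		}
		if m.Replace != nil { // assumption: audit the module the build actually uses
			m = *m.Replace
		}
		if m.Main || m.Version == "" { // main module and local-path replacements carry no version
			continue
		}
		out = append(out, "pkg:golang/"+m.Path+"@"+m.Version)
	}
}

func main() {
	list, err := purls(strings.NewReader(sample))
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(list, "\n"))
}
```

Modules skipped here (local-path replacements) are not covered by a version-based lookup and need separate review.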