Critical Vulnerability in the rcon-cli binary

Open thijsvanloef opened this issue 1 year ago • 4 comments

Hi! First of all, thank you for creating this package; I've included it by default in my Palworld Docker container. I did, however, find something worth noting.

The binary uses stdlib v1.19.3 which includes multiple Critical and High vulnerabilities.

Would it be possible to provide a release with the stdlib updated to a more recent version?

Thanks in advance

thijsvanloef, Jan 27 '24 20:01

Since this is a standard Go library, the solution should be to simply upgrade Go in the build.yml workflow and rebuild the binary, if I'm not mistaken.

thijsvanloef, Jan 27 '24 22:01
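One way to confirm which Go toolchain, and therefore which standard library, a released binary was built with is to read the build information the Go linker embeds (the same data `go version -m` prints). This is an added example, not code from the rcon-cli project or from the thread's participants; the floor version given on the command line is an assumption you set from your own policy.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// versionKey turns a release string such as "go1.19.3" into a comparable integer (1019003).
func versionKey(v string) (int, error) {
	var major, minor, patch int
	// Sscanf stops at the first mismatch, so "go1.21rc1" still yields 1 and 21.
	if n, _ := fmt.Sscanf(v, "go%d.%d.%d", &major, &minor, &patch); n < 2 {
		return 0, fmt.Errorf("not a release toolchain version: %q", v)
	}
	return major*1000000 + minor*1000 + patch, nil
}

// olderThan reports whether toolchain version got is below the policy floor.
func olderThan(got, floor string) (bool, error) {
	g, err := versionKey(got)
	if err != nil {
		return false, err
	}
	f, err := versionKey(floor)
	return g < f, err
}

// checkBinary reads the embedded toolchain version of the Go binary at path.
func checkBinary(path, floor string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	old, err := olderThan(info.GoVersion, floor)
	return info.GoVersion, old, err
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: gofloor <binary> <floor, e.g. go1.21.0>")
		os.Exit(2)
	}
	// The floor is a policy value chosen by the operator (assumption of this example).
	ver, old, err := checkBinary(os.Args[1], os.Args[2])
	fmt.Printf("toolchain=%q below_floor=%v err=%v\n", ver, old, err)
	if old || err != nil {
		os.Exit(1)
	}
}
```

A non-zero exit status makes the check usable as a gate in a container build before a third-party binary is copied into the image.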

+1 on this.

jammsen, Jan 29 '24 10:01

Hey @outdead, is there any ETA known on when this CVE gets fixed?

jammsen, Feb 09 '24 16:02

Hey @outdead - Now it's 3 critical and 18 high CVEs in only that package.

Can you please share an ETA on when this will be fixed?

@thijsvanloef FYI

jammsen, Feb 19 '24 14:02