php-fpm_exporter

Vulnerability in the software - CVE-2020-14040

Open csib opened this issue 3 years ago • 2 comments

Version: 2.0.4

Details:

+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY           | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE                                 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| golang.org/x/text | CVE-2020-14040   | HIGH     | v0.3.2            | 0.3.3         | golang.org/x/text: possibility        |
|                   |                  |          |                   |               | to trigger an infinite loop in        |
|                   |                  |          |                   |               | encoding/unicode could lead to...     |
|                   |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-14040 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+

csib, Feb 16 '22 12:02

It looks like https://github.com/hipages/php-fpm_exporter/pull/193 should fix this, though that PR will need a rebase to pick up the GitHub action fixes.

kierenevans, Feb 16 '22 16:02

Vulnerability still exists:

Component Name: golang.org/x/text
Component Version: v0.3.7
golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
Target: php-fpm_exporter
Type: gobinary
Fixed version: 0.3.8

ivan-morhun, Jul 20 '23 08:07