appengine icon indicating copy to clipboard operation
appengine copied to clipboard

Published 20 hours ago verified publisher icon golang

CVE-2024-24786

Open lewijw opened this issue 1 year ago • 0 comments

There is a security issue with google.golang.org/protobuf:

https://nvd.nist.gov/vuln/detail/CVE-2024-24786

It was fixed with this commit: https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023

So, google.golang.org/protobuf should be upgraded to 1.33.0. Also, github.com/golang/protobuf version 1.5.4 uses the fixed version of google.golang.org/protobuf. That should be upgraded too.

lewijw avatar Mar 18 '24 15:03 lewijw