golang_protobuf_extensions icon indicating copy to clipboard operation
golang_protobuf_extensions copied to clipboard

Published 20 hours ago verified publisher icon matttproud

Replaced deprecated protobuf dependency, with vulnerability

Open Lepidopteron opened this issue 3 years ago • 1 comments

Go Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation https://nvd.nist.gov/vuln/detail/CVE-2021-3121

Lepidopteron avatar Feb 11 '22 18:02 Lepidopteron

Can you please furnish a link that does not require a login?

Tobias Baube @.***> schrieb am Fr. 11. Feb. 2022 um 19:29:

CVE-2021-3121 - https://dependencies.abaservices.ch/vulnerability/?source=NVD&vulnId=CVE-2021-3121

You can view, comment on, or merge this pull request online at:

https://github.com/matttproud/golang_protobuf_extensions/pull/16 Commit Summary

File Changes

(2 files https://github.com/matttproud/golang_protobuf_extensions/pull/16/files)

Patch Links:

https://github.com/matttproud/golang_protobuf_extensions/pull/16.patch

  • https://github.com/matttproud/golang_protobuf_extensions/pull/16.diff

— Reply to this email directly, view it on GitHub https://github.com/matttproud/golang_protobuf_extensions/pull/16, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAALIRINOJW6LO4LWU4RDT3U2VIQNANCNFSM5OFATHAA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you are subscribed to this thread.Message ID: @.***>

matttproud avatar Feb 11 '22 18:02 matttproud