elasticsearch_exporter icon indicating copy to clipboard operation
elasticsearch_exporter copied to clipboard

Published 20 hours ago verified publisher icon prometheus-community

CVE-2021-44716

Open giondo opened this issue 3 years ago • 3 comments

we got this CVE impacting the latest elasticsearch exporter https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716

can anyone look into it ?

Thank you in advance

giondo avatar Feb 07 '22 11:02 giondo

CVE-2021-41772: go CVE-2021-41771: go CVE-2021-29923: go

also these ones should I open one issue per cve ?

giondo avatar Feb 07 '22 11:02 giondo

Hi, in regards to the original CVE listed and the others added in the 2nd comment there also appears to be many vulnerabilities affecting the use of golang pre 1.17.8. It looks like the version to be using at present is 1.17.8.1 or higher. Is there any indication of a fix being applied and an ETA of that? thanks.

ihendry2 avatar Apr 05 '22 10:04 ihendry2

We ran a twistlock scan thats hitting on a few go CVE's: CVE-2023-39320 CVE-2023-39321 CVE-2023-39322

dpericaxon avatar Oct 04 '23 14:10 dpericaxon