getmesh icon indicating copy to clipboard operation
getmesh copied to clipboard
verified publisher icon tetratelabs

Bump golang.org/x/net and golang.org/x/net/http2 version to 0.0.0-20220906165146-f3363e06e74c

Open Bjyothi2023 opened this issue 2 years ago • 3 comments

We are seeing CVE-2022-27664 vulnerability reported because of Getmesh having v0.0.0-20210614182718-04defd469f4e

Affected packages are : golang.org/x/net , golang.org/x/net/http2 and golang.org/x/net/http/httpguts version reporting this vulnerability : v0.0.0-20210614182718-04defd469f4e Fix is available in : 0.0.0-20220906165146-f3363e06e74c

I request you to please update all the affected packages mentioned above to fix version 0.0.0-20220906165146-f3363e06e74c

Bjyothi2023 avatar Sep 01 '23 13:09 Bjyothi2023

Hello Team, Could you please help resolving this issue. It is impacting the projects that are using this tool as the Vulnerability scanner are reporting these issues and it is blocking us from proceeding further.

Bjyothi2023 avatar Nov 16 '23 13:11 Bjyothi2023

Hi Team,

Any update on this. We have multiple tickets blocked because of this issue , as our scanners are reporting this vulnerability and we can't proceed further. Requesting you to please prioritise this issue. Thanks in advance.

Bjyothi2023 avatar Nov 21 '23 11:11 Bjyothi2023

One more vulnerbaility CVE-2022-41717 reported because of "golang.org/x/net/http2" version v0.0.0-20210614182718-04defd469f4e.

Fix is available in version 0.4.0 Please update "golang.org/x/net/http2" version to 0.4.0

Bjyothi2023 avatar Nov 21 '23 11:11 Bjyothi2023