High vulnerability in golang.org/x/text #474

niting3c · 2021-09-29T15:33:26Z

golang.org/x/text is being used by golang.org/x/net

golang.org/x/text which has a here vulnerability as reported here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040

Short-term and Long-term upgrade fix is available in v0.3.7 for golang.org/x/text
Similary update the golang.org/x/net

Akaame · 2021-12-29T08:54:23Z

The x/text package before 0.3.3 for Go has a vulnerability

golang.org/x/net version used in the project (golang.org/x/net v0.0.0-20210428140749-89ef3d95e781) already depends on (golang.org/x/text v0.3.6) though.

Here is the ref to go.mod: https://cs.opensource.google/go/x/net/+/89ef3d95e781148a0951956029c92a211477f7f9:go.mod

snyk also does not report this and go list -m all says that the project depends on v0.3.6.

Inveracity · 2022-03-03T15:09:38Z

It looks like a new vulnerability has found its way to 0.3.6
https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXTEXTINTERNALLANGUAGE-2400718

BooleanCat mentioned this issue Mar 25, 2022

Fix for CVE-2021-38561 #534

Merged

onsi closed this as completed in #534 Mar 25, 2022

antoineco mentioned this issue May 10, 2022

Vulnerability in transient dependency reported by Snyk dprotaso/go-yit#1

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High vulnerability in golang.org/x/text #474

High vulnerability in golang.org/x/text #474

niting3c commented Sep 29, 2021

Akaame commented Dec 29, 2021

Inveracity commented Mar 3, 2022

High vulnerability in golang.org/x/text #474

High vulnerability in golang.org/x/text #474

Comments

niting3c commented Sep 29, 2021

Akaame commented Dec 29, 2021

Inveracity commented Mar 3, 2022