Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High vulnerability in golang.org/x/text #326

Closed
niting3c opened this issue Sep 29, 2021 · 2 comments
Closed

High vulnerability in golang.org/x/text #326

niting3c opened this issue Sep 29, 2021 · 2 comments

Comments

@niting3c
Copy link

golang.org/x/text which has a here vulnerability as reported here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040

Short-term and Long-term upgrade fix is available in v0.3.7 for golang.org/x/text

Also impacts:
viper
@anthonyfok
Copy link
Contributor

Hi @niting3c,

If I am not mistaken, wasn't CVE-2020-14040 fixed in golang.org/x/text v0.3.3, and the merging of PR #254 in commit 7686d4f updated afero's dependency on golang.org/x/text to v0.3.3 back in August 2020, and was released as afero v1.3.4, and that dependency remains to this day in afero v1.6.0?

That said, there are other fixes that are worth bumping dependency on golang.org/x/text to the newer v0.3.7

@0xmichalis
Copy link
Collaborator

Fixed by #312

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anthonyfok @0xmichalis @niting3c