Upgrade go-retryablehttp to 0.7.7 to address Security vulnerability #3700
Assignees
Labels
bug
Something isn't working
Comments
|
@Rizwana777 why is this closed ? i still see the vulnerable version |
I have raised PR against release branch and the release branch have some problem in packages and I couldn't push my changes to the closed PR above, and also as per the comments on other PRs , we need to raise a PR against release branch which will be cherry picked to release brach, I have raised a new PR against branch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
The outdated versions of
go-retryablehttpare vulnerable to CVE-2024-6104, which has been categorised as Moderate.Motivation
The issue affects the url which might write sensitive information to log file
Proposal
The recommended solution is to upgrade the version of
go-retryablehttpto0.7.7for versionsv1.6.0,masterbranches.The text was updated successfully, but these errors were encountered: