1
0
Fork 0
mirror of https://github.com/Luzifer/go_helpers.git synced 2024-12-24 13:01:21 +00:00
No description
Find a file
Knut Ahlers 8899d95437
Update dependencies, fix multiple CVEs
Total: 9 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 7, CRITICAL: 0)

┌───────────────────┬────────────────┬──────────┬───────────────────────────────────┬───────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│      Library      │ Vulnerability  │ Severity │         Installed Version         │           Fixed Version           │                            Title                             │
├───────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net  │ CVE-2021-33194 │ HIGH     │ 0.0.0-20210119194325-5f4716e94777 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment           │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-33194                   │
│                   ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                   │ CVE-2021-44716 │          │                                   │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization    │
│                   │                │          │                                   │                                   │ cache                                                        │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-44716                   │
│                   ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                   │ CVE-2022-27664 │          │                                   │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY                    │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-27664                   │
│                   ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                   │ CVE-2022-41723 │          │                                   │ 0.7.0                             │ avoid quadratic complexity in HPACK decoding                 │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-41723                   │
│                   ├────────────────┼──────────┤                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                   │ CVE-2021-31525 │ MEDIUM   │                                   │ 0.0.0-20210428140749-89ef3d95e781 │ golang: net/http: panic in ReadRequest and ReadResponse when │
│                   │                │          │                                   │                                   │ reading a very large...                                      │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-31525                   │
│                   ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                   │ CVE-2022-41717 │          │                                   │ 0.4.0                             │ excessive memory growth in a Go server accepting HTTP/2      │
│                   │                │          │                                   │                                   │ requests                                                     │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-41717                   │
├───────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/text │ CVE-2021-38561 │ HIGH     │ 0.3.5                             │ 0.3.7                             │ out-of-bounds read in golang.org/x/text/language leads to    │
│                   │                │          │                                   │                                   │ DoS                                                          │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-38561                   │
│                   ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                   │ CVE-2022-32149 │          │                                   │ 0.3.8                             │ ParseAcceptLanguage takes a long time to parse complex tags  │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-32149                   │
├───────────────────┼────────────────┤          ├───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ gopkg.in/yaml.v3  │ CVE-2022-28948 │          │ 3.0.0-20210107192922-496545a6307b │ 3.0.0-20220521103104-8f96da9f5d5e │ crash when attempting to deserialize invalid input           │
│                   │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-28948                   │
└───────────────────┴────────────────┴──────────┴───────────────────────────────────┴───────────────────────────────────┴──────────────────────────────────────────────────────────────┘

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-06-16 11:41:01 +02:00
.github/workflows Drop support for Go 1.18 in tests 2023-03-18 15:38:40 +01:00
accessLogger Fix TIP version error: Sprintf format %s has arg of wrong type byte 2017-11-05 14:50:12 +01:00
backoff Add convenience wrapper around property sets 2020-08-07 14:30:56 +02:00
cli Fix: Prevent panics when no arguments are given 2023-05-19 14:15:02 +02:00
duration Add time.Duration formatter 2016-12-23 15:23:53 +01:00
env Fix: Do not panic on weird env list entries 2021-03-09 23:25:57 +01:00
fieldcollection Add fieldcollection helper 2021-11-20 21:30:58 +01:00
file Add file.FSStack implementation 2023-06-10 16:58:44 +02:00
float Update imports to v2 import paths 2021-02-06 22:39:17 +01:00
github Add github-binary update helper 2016-10-12 23:48:12 +02:00
http Add http.LogRoundTripper helper for request debugging 2023-02-06 15:47:21 +01:00
position Update imports to v2 import paths 2021-02-06 22:39:17 +01:00
splitter Add output splitter 2018-04-23 12:24:16 +02:00
str Update imports to v2 import paths 2021-02-06 22:39:17 +01:00
time Add helpers to parse time strings using multiple formats at once 2018-07-05 10:09:39 +02:00
which Update imports to v2 import paths 2021-02-06 22:39:17 +01:00
yaml Add a YAML to JSON converter as yaml-helper 2018-06-07 10:59:15 +02:00
go.mod Update dependencies, fix multiple CVEs 2023-06-16 11:41:01 +02:00
go.sum Update dependencies, fix multiple CVEs 2023-06-16 11:41:01 +02:00
History.md prepare release v2.18.0 2023-06-10 16:59:02 +02:00
LICENSE Add a license file 2018-08-06 13:50:54 +02:00