Security Vulnerability: Update grpc version to at least 1.58.3 #431
Comments
RohanNagar
changed the title
|
But grpcurl doesn't act as an http server? So how are we actually vulnerable? |
|
In other words, I don't see any urgency on this. Dependabot will eventually push an update. |
|
Agreed that the vulnerability shouldn't actually affect grpcurl. Unfortunately, security scanners are flagging this for us so we are looking to have the package upgraded. |
|
+1 |
|
+1 . Please :) |
|
This was already fixed here: #427 |
|
@dragonsinth any idea when the next release will be? |
|
IDK, I guess we could do one soon. I figure anyone who super-cares can build from code using the latest Go, to also pull in any hypothetical Golang fixes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Recently a CVE was discovered which affects the current version of grpc used by this tool.
GHSA-m425-mq94-257g
Please update
google.golang.org/grpcto1.58.3or higher.The text was updated successfully, but these errors were encountered: