Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vulnerability warning CVE-2022-24687 #9

Closed
eli-darkly opened this issue Apr 15, 2022 · 1 comment
Closed

vulnerability warning CVE-2022-24687 #9

eli-darkly opened this issue Apr 15, 2022 · 1 comment

Comments

@eli-darkly
Copy link
Contributor

eli-darkly commented Apr 15, 2022
edited
Loading

(This issue is an FYI update from LaunchDarkly)

CVE-2022-24687 appears to be a case of the known issue where the vulnerability is really in the Consul server— not the API client that we're using— but scanners conflate the two due to how Hashicorp's code is organized. So, even though (as we understand it), there is no vulnerability in v1.11.0 of the API client, there is one in v1.11.0 of the server, so in order to stop getting warnings we must update the API client to a newer version. It looks like such a version is available, so we will release a patch ASAP.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eli-darkly