Please upgrade Go / Go Libraries - multiple vulnerabilities detected
sean-physna opened this issue · comments
Several vulnerabilities in gcsfuse were detected by Artifact Registry's vuln scanner.
High Severity:
- CVE-2023-39325 - fixed in x/net/html v0.17.0 or go1.21.3
- CVE-2023-44487 - also fixed in x/net/html v0.17.0 or go1.21.3
- GHSA-m425-mq94-257g - fixed in grpc v1.56.3
Moderate Severity:
- CVE-2023-3978 - fixed in x/net/html > 0.13.0
Please consider upgrading Go and/or appropriate libraries.
Hi @sean-physna ,
Thank you for bringing this issue to our attention. We're pleased to inform you that this issue will be addressed in the upcoming release, v1.3.0
Thanks,
Tulsi Shah
Fixed as part of GCSFuse v1.3.0. Closing this issue.