Giters

cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)

Home Page:https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Update packages containing critical vulnerabilities

lkkuma opened this issue · comments

commented

While working on building Docker images, Docker Scout reported the following packages with resolvable vulnerabilities:

GoLang stdlib (>= 1.20.10)
CVE-2023-44487
CVE-2023-39325
CVE-2023-39319
CVE-2023-39318
CVE-2023-29409

golang.org/x/net (>= 0.17.0)
CVE-2023-44487
CVE-2023-39325
CVE-2023-3978

google.golang.org/grpc (>= 1.56.3)
GHSA-m425-mq94-257g
CVE-2023-44487

github.com/cloudflare/circl (>= 1.3.3)
CVE-2023-1732

Please review and update these packages.

EDIT:
The command I use is this
curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && dpkg -i cloudflared.deb
running on Ubuntu 23.10