CVE-2023-45286: HTTP request body disclosure
tommed opened this issue · comments
Tom commented
You have an open security issue: GO-2023-2328.
It also has an assigned CVE: https://www.cve.org/CVERecord?id=CVE-2023-45286
Are you able to provide a fix please? Is there a known workaround which isn't known by the CVE.
Christian Fiderer commented
This issue is known since November 2, and PR #745 waits for approval since three weeks.
Tom commented
Ok understood thanks.
3 weeks for a CVE fix to be approved seems a little unresponsive? We'll need to mark this in our Technical Compliance Report and determine whether the risk is worth it. Good luck with the PR!
Jeevanandam M. commented