CVE-2021-38561
jonyscathe opened this issue · comments
jonyscathe commented
Hi,
We are using Trivy to scan for vulnerabilities on a container that has GRPC Health Probe in it.
We have just started getting a warning of severity UNKNOWN on golang.org/x/text v0.3.6 that is fixed in v0.3.7
The vulnerability ID is CVE-2021-38561, info here: https://osv.dev/vulnerability/GO-2021-0113
Ahmet Alp Balkan commented
If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.
I suspect this tool is not used against untrusted servers. So this is very much like many of the x/text vulnerabilities that comes up and is not relevant to this tool.