Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability found in helm-s3 v0.14.0 #243

Closed
codechris1 opened this issue Nov 28, 2022 · 1 comment
Closed

Vulnerability found in helm-s3 v0.14.0 #243

codechris1 opened this issue Nov 28, 2022 · 1 comment
Milestone
0.15.0

Comments

@codechris1
Copy link

Our Security Scanning tools have identified Vulnerability in how go-restful parses. Can you please review this and help us with an update on following:

Documentation that explains the mitigation strategy that we can apply to reduce the severity level

Details on when is this going to be fixed with the expected version number and if its already fixed which version number is it fixed in.

Issues found in build: v0.14.0

Vulnerability Description

Package github.com/emicklei/go-restful/v3 Package Version v3.8.0 Compliance ID 416 Fixed Status Fixed Description github.com/emicklei/go-restful/v3 module from all versions is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead several security check bypass in a complex system. Vulnerability Link emicklei/go-restful#497

Could you confirm when are you going to update to the latest version of go-restful?
@hypnoglow
Copy link
Owner

Will be fixed in 0.15.0

@hypnoglow hypnoglow added this to the 0.15.0 milestone Sep 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.15.0
Development

No branches or pull requests
2 participants
@hypnoglow @codechris1