When scanning a Docker image from webdevops with any inspector (e.g. AWS Inspector), only one CVE remains in the image: CVE-2022-29526, on file path usr/local/bin/go-replace.
The recommended remediation is:
Upgrade your installed software packages to the proposed fixed in version and release.
Update sys to 0.1.0
Is it possible to upgrade this package to 0.1.0? Currently it is at v0.0.0-20220928140112-f11e5e49a4ec.
Regards.
I've experienced the same when scanning a Docker image that was built using webdevops/php-nginx:8.2 in AWS Inspector. The scan shows that the vulnerability CVE-2022-29526 exists on /usr/local/bin/go-replace.
It looks like go-replace's dependency github.com/jessevdk/go-flags, which uses the golang.org/x/sys package, hasn't updated its dependencies.
It seems to be in go.mod but is marked as indirect. Maybe I should open an issue in go-flags to update the sys package dependency?
EDIT: An issue has already been opened in the package, and the recommendation seems to be to use another fork package: go-flags-fork, with golang.org/x/sys v0.10.0 as a dependency.
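
An added example, not part of the thread or of the go-replace project: a small Go program that reads the module list the Go toolchain embeds in a binary (such as /usr/local/bin/go-replace copied out of the image) and reports whether the golang.org/x/sys version compiled into it sorts below the 0.1.0 named in the scan finding. The helper names `parse` and `olderThan` are hypothetical, and the version comparison is a simplified one written for this illustration.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

const modulePath, fixedVersion = "golang.org/x/sys", "v0.1.0" // from the scan finding quoted in the thread

// parse returns MAJOR.MINOR.PATCH and whether v has a pre-release suffix (Go pseudo-versions do).
func parse(v string) (core [3]int, pre bool, err error) {
	v, _, _ = strings.Cut(v, "+") // drop build metadata such as +incompatible
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &core[0], &core[1], &core[2])
	return core, strings.Contains(v, "-"), err
}

// olderThan reports whether version sorts before fixed.
// Simplification: two pre-releases of the same core version compare as equal.
func olderThan(version, fixed string) (bool, error) {
	a, aPre, errA := parse(version)
	b, bPre, errB := parse(fixed)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("cannot compare %q with %q", version, fixed)
	}
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i], nil
		}
	}
	return aPre && !bPre, nil // same core: a pre-release sorts before the release
}

func main() {
	for _, path := range os.Args[1:] { // one or more Go binaries to inspect
		info, err := buildinfo.ReadFile(path) // module list embedded by the Go linker
		if err != nil {
			fmt.Fprintln(os.Stderr, path, err)
			continue
		}
		// Note: a replace directive (dep.Replace) would override the version shown here.
		for _, dep := range info.Deps {
			if dep.Path == modulePath {
				old, err := olderThan(dep.Version, fixedVersion)
				fmt.Printf("%s: %s %s, older than %s: %v (err: %v)\n", path, dep.Path, dep.Version, fixedVersion, old, err)
			}
		}
	}
}
```

`go version -m <binary>` prints the same embedded module list if only a quick look is needed.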