Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please upgrade goproxy Denial of Service vulnerability #826

Closed
mixeract opened this issue Aug 10, 2023 · 0 comments · Fixed by #832
Closed

Please upgrade goproxy Denial of Service vulnerability #826

mixeract opened this issue Aug 10, 2023 · 0 comments · Fixed by #832

Comments

@mixeract
Copy link

github.com/elazarl/goproxy had fixed an issue with v1.1 that can cause a denial of service.

go mod graph  |grep github.com/elazarl/goproxy
github.com/go-git/go-git/v5@v5.8.1 github.com/elazarl/goproxy@v0.0.0-20221015165544-a0805db90819

The patched version is 0.0.0-20230731152917-f99041a5c027
@svghadi svghadi mentioned this issue Aug 29, 2023
Merged
svghadi added a commit to svghadi/go-git that referenced this issue Aug 29, 2023
@svghadi
*: Bump goproxy dep. Fixes go-git#826
f71a449 
CVE-2023-37788 is patched in goproxy v0.0.0-20230731152917-f99041a5c027

Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update goproxy dependency to fix CVE-2023-37788 vulnerability svghadi/go-git
1 participant
@mixeract