-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: suggestion regarding GO-2023-2328 vulnerability solved in release v2.11.0 #2427
Labels
Comments
Can whatever needs to be done to mark this as solved be done, pretty please? This vulnerability has been hanging around for ages and I'm fed up with seeing it in my govuln reports! |
Change https://go.dev/cl/554155 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Jan 4, 2024
Add fixed version and fix commit. Aliases: CVE-2023-45286, GHSA-xwh9-gc39-5298 Updates #2328 Updates #2427 Change-Id: Ia8373db660975a01f455d2b60d5e1d9f73a2c30b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/554155 Reviewed-by: Tim King <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Thanks - the report has now been updated (https://pkg.go.dev/vuln/GO-2023-2328). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Report ID
GO-2023-2328
Suggestion/Comment
It looks like this vulnerability is solved in release v2.11.0.
"Security: Don't put the same bytes.Buffer into sync.Pool twice by @lattwood in go-resty/resty#745, go-resty/resty#764, go-resty/resty#756 "
The text was updated successfully, but these errors were encountered: