CVE-2019-11840 worth investigating? #182
Comments
|
What part of zerolog would be affected? |
|
There is a fix for this (golang/go#30965), but this fix was merged on March 21st, you are using a commit from March 8th. Maybe updating your x/tools dependency to a newer version fixes this? |
|
I am not familiar with the library in depth, but I'm thinking wherever you are using the x/tools |
|
It’s used by the linter tool (should prob be excluded from go.mod, and it’s not using the crypto package). |
|
Forked it and tried it, tools is on latest commit actually (20190425)... Alright, thanks for the feedback, feel free to close this issue, thanks for the incredibly fast response! |
|
Actually there is a new version... Opened a PR just now |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://ossindex.sonatype.org/vuln/5121f5ff-9831-44a6-af2e-24f7301d1df7
Detected by DepShield in gojisvm/gojis#61
Maybe this isn't worth investigating or incorrect in this case, but I would like some feedback on this :)
The text was updated successfully, but these errors were encountered: