Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-47108 - OpenTelemetry-Go Contrib #5803

Closed
MaikiGirardi opened this issue Nov 17, 2023 · 0 comments · Fixed by #5806
Closed

CVE-2023-47108 - OpenTelemetry-Go Contrib #5803

MaikiGirardi opened this issue Nov 17, 2023 · 0 comments · Fixed by #5806
Labels
bug Something isn't working frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed.

Comments

@MaikiGirardi
Copy link

MaikiGirardi commented Nov 17, 2023
edited
Loading

What's wrong?

Our scanners flagged Grafana Agent containing CVE-2023-47108 vulnerability. Checking the GO dependencies sounds like that this is not a false positive because looking at the latest version 0.37.4 and 0.38_rc the dependency is not using the version that contains the fix on it.

CVE-2023-47108

Could you please verify it?

Thanks.

Steps to reproduce

None.

System information

Linux

Software version

Grafana Agent v0.37.4 and v0.38.0

Configuration

No response

Logs

No response
@MaikiGirardi MaikiGirardi added the bug Something isn't working label Nov 17, 2023
@hainenber hainenber mentioned this issue Nov 18, 2023
Merged
1 task
@github-actions github-actions bot added the frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed. label Feb 21, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump otelgrpc to fix CVE 2023 47108 hainenber/agent
1 participant
@MaikiGirardi