Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-24786 #3067

Closed
ryan33020 opened this issue Mar 13, 2024 · 1 comment · Fixed by #3068
Closed

CVE-2024-24786 #3067

ryan33020 opened this issue Mar 13, 2024 · 1 comment · Fixed by #3068
Labels
area/security kind/security priority/p0 Highest priority. Break user flow. We are actively looking at delivering it.

Comments

@ryan33020
Copy link

Good afternoon,

Will CVE-2024-24786 be in the next release it is currently breaking prisma compute scans.
CVE-2024-24786 | google.golang.org/protobuf/encoding/protojson | v1.32.0 | fixed in 1.33.0 7 days ago
CVE-2024-24786 | google.golang.org/protobuf/internal/encoding/json | v1.32.0 | fixed in 1.33.0 7 days ago
@aaron-prindle aaron-prindle mentioned this issue Mar 13, 2024
Merged
@aaron-prindle
Copy link
Collaborator

aaron-prindle commented Mar 13, 2024
edited
Loading

Thank you for flagging this, I've submitted #3068 to resolve this which will be in the next release

@aaron-prindle aaron-prindle added area/security priority/p0 Highest priority. Break user flow. We are actively looking at delivering it. kind/security labels Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security kind/security priority/p0 Highest priority. Break user flow. We are actively looking at delivering it.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: update google.golang.org/protobuff to resolve CVE-2024-24786 aaron-prindle/kaniko
2 participants
@ryan33020 @aaron-prindle