x/vulndb: suggestion regarding GO-2023-2328 vulnerability solved in release v2.11.0 #2427
Assignees
Labels
Comments
|
Can whatever needs to be done to mark this as solved be done, pretty please? This vulnerability has been hanging around for ages and I'm fed up with seeing it in my govuln reports! |
|
Change https://go.dev/cl/554155 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Jan 4, 2024
Add fixed version and fix commit. Aliases: CVE-2023-45286, GHSA-xwh9-gc39-5298 Updates #2328 Updates #2427 Change-Id: Ia8373db660975a01f455d2b60d5e1d9f73a2c30b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/554155 Reviewed-by: Tim King <taking@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
Thanks - the report has now been updated (https://pkg.go.dev/vuln/GO-2023-2328). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Report ID
GO-2023-2328
Suggestion/Comment
It looks like this vulnerability is solved in release v2.11.0.
"Security: Don't put the same bytes.Buffer into sync.Pool twice by @lattwood in go-resty/resty#745, go-resty/resty#764, go-resty/resty#756 "
The text was updated successfully, but these errors were encountered: