FairwindsOps/pluto

Vulnerabilities in go version 1.20.4

Moran-k opened this issue · 1 comments

Hi Pluto team,

The following vulnerabilities have been identified in Pluto version v5.18.4 during our monthly scan of 3rd party utilities:

| VulnerabilityID | Severity | Installed Version | Fixed Version |
| --- | --- | --- | --- |
| CVE-2023-24540 | CRITICAL | 1.20.4 | 1.20.4-r0 |
| CVE-2023-29402 | CRITICAL | 1.20.4 | 1.20.5-r0 |
| CVE-2023-29404 | CRITICAL | 1.20.4 | 1.20.5-r0 |
| CVE-2023-29405 | CRITICAL | 1.20.4 | 1.20.5-r0 |

Can you release a new version of this excellent tool built with a more recent Go version?

Hi @sudermanjr,

Sorry for raising this issue again. It seems like Pluto version 5.18.5 was built with Go version 1.20.4 instead of 1.21.X.
Our security scanning still detects the same Go vulnerabilities.
Also, executing the `go version` command on the latest pluto binary, we see Go version 1.20.4:

```
> go version pluto
pluto: go1.20.4
```