Vulnerabilities in go verson 1.20.4
Moran-k opened this issue · 1 comments
Moran-k commented
Hi Pluto team,
The following vulnerabilities have been identified in Pluto version v5.18.4
during our monthly scan of 3rd party utilities:
VulnerabilityID | Severity | Installed Version | Fixed Version |
---|---|---|---|
CVE-2023-24540 | CRITICAL | 1.20.4 | 1.20.4-r0 |
CVE-2023-29402 | CRITICAL | 1.20.4 | 1.20.5-r0 |
CVE-2023-29404 | CRITICAL | 1.20.4 | 1.20.5-r0 |
CVE-2023-29405 | CRITICAL | 1.20.4 | 1.20.5-r0 |
Can you release a new version of this excellent tool built with a more recent GO version?
Moran-k commented
Hi @sudermanjr,
Sorry for raising this issue again. It seems like Pluto version 5.18.5 was built with Go version 1.20.4 instead of 1.21.X
Our security scanning still detects the same GO vulnerabilities.
Also, executing the go version
command on the latest pluto binary, we see go version 1.20.4
> go version pluto
pluto: go1.20.4