Address CVE-2023-45288

Question

Address CVE-2023-45288

ojcm opened this issue 8 months ago · 1 comments

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

CVE-2023-45288 / GO-2024-2687 was recently published and govuln flags this repository as vulnerable. I believe the changes required to resolve this are:

Upgrade Go version to 1.21.9 or 1.22.2
Upgrade golang.org/x/net to v0.23.0

Expected Behavior

govuln does not detect any vulnerabilities

Steps To Reproduce

govulncheck ./...

Anything else?

https://pkg.go.dev/vuln/GO-2024-2687

Answer 1 · 2024-04-05T13:21:06.000Z

govulncheck is no longer flagging this repo as vulnerable.