Go has a few high-severity vulnerabilities and one critical which impacts the stackdriver_exporter image
dugalp opened this issue · 1 comments
This is for the 0.11.0 version of stackdriver_exporter that comes with or is built with Go 1.15.1. This version of Go has the following vulnerabilities:
https://nvd.nist.gov/vuln/detail/CVE-2021-38297 (Critical)
https://nvd.nist.gov/vuln/detail/CVE-2020-28362 (High)
https://nvd.nist.gov/vuln/detail/CVE-2020-28366 (High)
https://nvd.nist.gov/vuln/detail/CVE-2020-28367 (High)
https://nvd.nist.gov/vuln/detail/CVE-2021-27918 (High)
https://nvd.nist.gov/vuln/detail/CVE-2021-29923 (High)
https://nvd.nist.gov/vuln/detail/CVE-2021-33194 (High)
https://nvd.nist.gov/vuln/detail/CVE-2021-33195 (High)
https://nvd.nist.gov/vuln/detail/CVE-2021-33196 (High)
https://nvd.nist.gov/vuln/detail/CVE-2021-33198 (High)
Could you please help confirm and shed some light on the reason why this isn't fixed in a new version? If it is, which version?
Thank you,
-Patrick
Based on that list, it doesn't appear that they apply to any code used by this exporter.
If you can reproduce an actual vulnerability, please use our security reporting contact.