Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in nested dependency github.com/golang-jwt/jwt/v4 v4.5.0 #794

Closed
serhii-stanislavskyi-checkmarx opened this issue Nov 14, 2024 · 0 comments
Closed

Vulnerability in nested dependency github.com/golang-jwt/jwt/v4 v4.5.0 #794

serhii-stanislavskyi-checkmarx opened this issue Nov 14, 2024 · 0 comments
Assignees
@michaelquigley
Labels
defect Something isn't working
Milestone
v0.4

Comments

@serhii-stanislavskyi-checkmarx
Copy link

Hello everyone.
I've found that nested dependency github.com/golang-jwt/jwt/v4 v4.5.0 contains vulnerability CVE-2024-51744.
It was fixed in next version 4.5.1.
The quick fix is to add:
replace github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.1
into go.mod.

It would be good to fix it in next release.
Thanks
@michaelquigley michaelquigley self-assigned this Nov 14, 2024
@michaelquigley michaelquigley added the defect Something isn't working label Nov 14, 2024
@michaelquigley michaelquigley added this to the v0.4 milestone Nov 14, 2024
michaelquigley added a commit that referenced this issue Nov 14, 2024
@michaelquigley
update github.com/golang-jwt/jwt/v4 to v4.5.1 (#794)
37bc5ab
michaelquigley added a commit that referenced this issue Nov 14, 2024
@michaelquigley
changelog (#794)
77ac466
@michaelquigley michaelquigley mentioned this issue Nov 14, 2024
Merged
michaelquigley added a commit that referenced this issue Nov 14, 2024
@michaelquigley
Merge pull request #795 from openziti/golang-jwt-v4.5.1
8d8f926 
Update github.com/golang-jwt/jwt/v4 to v4.5.1 (#794)
@github-project-automation github-project-automation bot moved this from Backlog to Done in zrok Development Roadmap Nov 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelquigley michaelquigley

Labels
defect Something isn't working
Projects
zrok Development Roadmap
Status: Done
Milestone
v0.4
Development

No branches or pull requests
2 participants
@michaelquigley @serhii-stanislavskyi-checkmarx