[PT-2092] Improper version of protobuf in go.sum - Percona JIRA

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: Medium
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.5.0
Component/s: None
Labels:
None

Needs Deploy:
Yes
Story Points:
0.5

Description

According to dependabot, go.sum in Percona Toolkit is vulnerable because links protobuf 1.3.1.

Dependabot report:

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Sveta Smirnova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Aug/22 10:58 AM

Updated:: 30/Nov/22 10:40 PM

Resolved:: 30/Aug/22 3:13 PM