Details
-
Bug
-
Status: Done
-
Medium
-
Resolution: Fixed
-
3.4.0
-
None
-
None
-
Yes
-
0.5
Description
According to dependabot, go.sum in Percona Toolkit is vulnerable because links protobuf 1.3.1.
Dependabot report:
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.