We install the toolkit from the Percona website.
Software link: https://downloads.percona.com/downloads/percona-toolkit/3.5.2/binary/tarball/percona-toolkit-3.5.2_x86_64.tar.gz
After installing the software and scanning the image with Twistlock, we get the list of CVEs below.
Can we expect a newer tar.gz for Linux to be published, and when?
--------------------------------------------------------------------------------------------------------------------------
CVE            | SEVERITY | CVSS | PACKAGE | VERSION | STATUS                                | PUBLISHED | DISCOVERED
---------------+----------+------+---------+---------+---------------------------------------+-----------+-----------
CVE-2023-24538 | critical | 9.80 | go      | 1.20.2  | fixed in 1.20.3, 1.19.8 (6 days ago)  | 17 days   | < 1 hour
  DESCRIPTION: Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, (description truncated in scan output)
---------------+----------+------+---------+---------+---------------------------------------+-----------+-----------
CVE-2023-24537 | high     | 7.50 | go      | 1.20.2  | fixed in 1.20.3, 1.19.8 (10 days ago) | 17 days   | < 1 hour
  DESCRIPTION: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due (description truncated in scan output)
---------------+----------+------+---------+---------+---------------------------------------+-----------+-----------
CVE-2023-24536 | high     | 7.50 | go      | 1.20.2  | fixed in 1.20.3, 1.19.8 (6 days ago)  | 17 days   | < 1 hour
  DESCRIPTION: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems (description truncated in scan output)
---------------+----------+------+---------+---------+---------------------------------------+-----------+-----------
CVE-2023-24534 | high     | 7.50 | go      | 1.20.2  | fixed in 1.20.3, 1.19.8 (5 days ago)  | 17 days   | < 1 hour
  DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service.
--------------------------------------------------------------------------------------------------------------------------