jkgonzio opened a new issue, #487: URL: https://github.com/apache/solr-operator/issues/487
I ran a flexline scan and ran into some security vulnerabilities that should be remediated: Vulnerability ID: CVE-2021-33194 Finding Level: High Package: golang.org/x/net/html Version: v0.0.0-20210520170846-37e1c6afe023 Fixed Version: 0.0.0-20210520170846-37e1c6afe023 Desc: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Link: https://avd.aquasec.com/nvd/2021/cve-2021-33194/ Vulnerability ID: CVE-2022-27664 Finding Level: High Package: golang.org/net/http Version: v0.0.0-20210428140749-89ef3d95e781 Fixed version: 0.0.0-20220906165146-f3363e06e74c Desc: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. Link: https://avd.aquasec.com/nvd/2022/cve-2022-27664/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
