Prisma Cloud container vulnerability scanning reports a vulnerability on the indirect dependency github.com/emicklei/go-restful/v3 used in internal/backend/remote-state/kubernetes
For reference: within the Prisma Cloud ecosystem, this vulnerability is referred to as PRISMA-2022-0227, rated 7.5 - High. The vulnerability is fixed in versions v.3.10.0 and upwards of github.com/emicklei/go-restful/v3.
A similar question was asked on HashiCorp Discuss here. To illustrate, a similar issue was raised on Kubernetes kubernetes/kubernetes#120604.
Thanks for filing this information. Vulnerability scanners tend to flag false positives in terms of code paths with vulnerabilities that are not used by the actual product. In these cases, the dependency in question will be updated the next time there is a functional need to do so. In the case of backends not maintained by the core team, as in this case, it may take some time as the backends tend not to be the highest priority for those teams. Thanks again for your interest!
It may also help to reference the actual CVE in order to evaluate the vulnerability, as the internal PRISMA-2022-0227 reference is not something that appears to be publicly available.
FYI you are correct that a CVE was never issued. This is the huntr page associated with the issue.
Terraform Version
Use Cases
Attempted Solutions
#36318
Proposal
#36318
References
No response