CVE-2024-45337 #154

Open
nicon89 opened this issue Jan 24, 2025 · 4 comments

nicon89 commented Jan 24, 2025

There's a CVE-2024-45337 detected in the mgob binary.

mgob (gobinary)
===============
Total: 1 (HIGH: 0, CRITICAL: 1)

┌─────────────────────┬────────────────┬──────────┬────────┬────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│       Library       │ Vulnerability  │ Severity │ Status │         Installed Version          │ Fixed Version │                         Title                          │
├─────────────────────┼────────────────┼──────────┼────────┼────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2024-45337 │ CRITICAL │ fixed  │ v0.0.0-20220622213112-05595931fe9d │ 0.31.0        │ golang.org/x/crypto/ssh: Misuse of                     │
│                     │                │          │        │                                    │               │ ServerConfig.PublicKeyCallback may cause authorization │
│                     │                │          │        │                                    │               │ bypass in golang.org/x/crypto                          │
│                     │                │          │        │                                    │               │ https://avd.aquasec.com/nvd/cve-2024-45337             │
└─────────────────────┴────────────────┴──────────┴────────┴────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────┘

@maxisam can you check it out?

maxisam (Owner) commented Jan 25, 2025

Thanks! Feel free to make a PR.

nicon89 (Author) commented Jan 28, 2025

@maxisam sure, there you go: #155

nicon89 (Author) commented Jan 28, 2025

Btw, is there any reason why you keep 3 require sections in go.mod?

maxisam (Owner) commented Jan 28, 2025

I'm actually not an expert in Go, so you're welcome to refactor it if you think it's not needed.

I will try to get to that PR this week.

Thanks for helping 😊
