The current library version has a lot of vulnerabilities in its dependencies:
% govulncheck ./...
=== Symbol Results ===
Vulnerability #1: GO-2024-3333
Non-linear parsing of case-insensitive content in golang.org/x/net/html
More info: https://pkg.go.dev/vuln/GO-2024-3333
Module: golang.org/x/net
Found in: golang.org/x/[email protected]
Fixed in: golang.org/x/[email protected]
Example traces found:
#1: renderer.go:523:24: term.renderer.renderHTMLBlock calls html.Parse
Vulnerability #2: GO-2024-3205
Infinite loop in github.com/gomarkdown/markdown
More info: https://pkg.go.dev/vuln/GO-2024-3205
Module: github.com/gomarkdown/markdown
Found in: github.com/gomarkdown/[email protected]
Fixed in: github.com/gomarkdown/[email protected]
Example traces found:
#1: markdown.go:29:19: term.Render calls markdown.Parse, which calls parser.Parser.Parse
Vulnerability #3: GO-2024-2937
Panic when parsing invalid palette-color images in golang.org/x/image
More info: https://pkg.go.dev/vuln/GO-2024-2937
Module: golang.org/x/image
Found in: golang.org/x/[email protected]
Fixed in: golang.org/x/[email protected]
Example traces found:
#1: renderer.go:907:42: term.renderer.renderImage calls ansimage.NewScaledFromReader, which eventually calls tiff.Decode
Vulnerability #4: GO-2023-2074
Parser out-of-bounds read caused by a malformed markdown input in
github.com/gomarkdown/markdown
More info: https://pkg.go.dev/vuln/GO-2023-2074
Module: github.com/gomarkdown/markdown
Found in: github.com/gomarkdown/[email protected]
Fixed in: github.com/gomarkdown/[email protected]
Example traces found:
#1: markdown.go:32:18: term.Render calls markdown.Render, which eventually calls parser.Parser.Inline
#2: markdown.go:29:19: term.Render calls markdown.Parse, which calls parser.Parser.Parse
Vulnerability #5: GO-2023-1990
Excessive CPU consumption when decoding 0-height images in
golang.org/x/image/tiff
More info: https://pkg.go.dev/vuln/GO-2023-1990
Module: golang.org/x/image
Found in: golang.org/x/[email protected]
Fixed in: golang.org/x/[email protected]
Example traces found:
#1: renderer.go:907:42: term.renderer.renderImage calls ansimage.NewScaledFromReader, which eventually calls tiff.Decode
Vulnerability #6: GO-2023-1989
Excessive resource consumption in golang.org/x/image/tiff
More info: https://pkg.go.dev/vuln/GO-2023-1989
Module: golang.org/x/image
Found in: golang.org/x/[email protected]
Fixed in: golang.org/x/[email protected]
Example traces found:
#1: renderer.go:907:42: term.renderer.renderImage calls ansimage.NewScaledFromReader, which eventually calls tiff.Decode
Vulnerability #7: GO-2023-1572
Denial of service via crafted TIFF image in golang.org/x/image/tiff
More info: https://pkg.go.dev/vuln/GO-2023-1572
Module: golang.org/x/image
Found in: golang.org/x/[email protected]
Fixed in: golang.org/x/[email protected]
Example traces found:
#1: renderer.go:907:42: term.renderer.renderImage calls ansimage.NewScaledFromReader, which eventually calls tiff.Decode
Your code is affected by 7 vulnerabilities from 3 modules.
This scan also found 2 vulnerabilities in packages you import and 5
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
The problem can be solved by updating the dependencies:
After updating, the vulnerabilities are gone:
Please update all dependencies.