http-add-on
http-add-on copied to clipboard
kedacore
CVE-2022-29526 (Medium) detected in github.com/nxadm/tail-v1.4.8
CVE-2022-29526 - Medium Severity Vulnerability
Vulnerable Library - github.com/nxadm/tail-v1.4.8
[Revamped] Go package for reading from continuously updated files (tail -f)
Dependency Hierarchy:
- github.com/onsi/ginkgo-v1.16.5 (Root Library)
- :x: github.com/nxadm/tail-v1.4.8 (Vulnerable Library)
Found in HEAD commit: b3ce0e4e67ba887b24b523419d6a48bc2641d1ce
Found in base branch: main
Vulnerability Details
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Publish Date: 2022-06-23
URL: CVE-2022-29526
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Step up your Open Source Security Game with Mend here
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "Published by a pub.dev verified publisher"){kind=small}