
CVE-2023-24538/CVE-2023-24540 - stdlib

Open herman-aka-wouter opened this issue 1 year ago • 5 comments

Package is built with stdlib 1.19.1, which has critical vulnerabilities.

Fixed in Go >=1.19.9 and >=1.20.4.

Any way we can get an update?

herman-aka-wouter avatar Jun 05 '24 08:06 herman-aka-wouter

@mblaschke

herman-aka-wouter avatar Jun 05 '24 08:06 herman-aka-wouter

+1

#18

lasdou avatar Oct 16 '24 16:10 lasdou

Still an issue!!!

pimmesz avatar Apr 09 '25 13:04 pimmesz

Adding CVE-2025-22871 and CVE-2025-22874 to this list of vulns that need fixing. Requires upgrade to >=1.24.4.

pooley182 avatar Jun 23 '25 07:06 pooley182

I have forked this project and bumped all dependencies to clear all outstanding CVEs for the old version of go/stdlib. https://github.com/pooley182/go-replace/releases/tag/22.10.1

pooley182 avatar Jun 24 '25 07:06 pooley182
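An added example, not part of the thread or of the go-replace project: a small Go program that reads the toolchain version embedded in a compiled Go binary and checks it against the minimum versions quoted in the comments above. The thresholds are taken from the thread as stated; the names `Assess` and `leadingInt` are hypothetical.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// leadingInt parses the decimal digits at the start of s ("21rc2" -> 21).
func leadingInt(s string) (int, error) {
	end := 0
	for end < len(s) && s[end] >= '0' && s[end] <= '9' {
		end++
	}
	return strconv.Atoi(s[:end])
}

// Assess reports whether a toolchain string such as "go1.19.1" meets the
// minimums quoted in the thread (assumed as stated, not re-verified here):
// >=1.19.9 or >=1.20.4 for the 2023 CVEs, >=1.24.4 for the 2025 CVEs.
func Assess(goVersion string) (fix2023, fix2025 bool, err error) {
	if !strings.HasPrefix(goVersion, "go1.") {
		return false, false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	minorStr, patchStr, _ := strings.Cut(strings.TrimPrefix(goVersion, "go1."), ".")
	minor, err := leadingInt(minorStr)
	if err != nil {
		return false, false, fmt.Errorf("bad minor version in %q", goVersion)
	}
	patch, _ := leadingInt(patchStr) // "go1.21" and "go1.21rc2" count as patch 0
	fix2023 = minor > 20 || (minor == 20 && patch >= 4) || (minor == 19 && patch >= 9)
	fix2025 = minor > 24 || (minor == 24 && patch >= 4)
	return fix2023, fix2025, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <path-to-go-binary>")
		os.Exit(2)
	}
	info, err := buildinfo.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read Go build info:", err)
		os.Exit(1)
	}
	a, b, err := Assess(info.GoVersion)
	fmt.Println(info.GoVersion, "2023 minimum met:", a, "2025 minimum met:", b, "err:", err)
}
```

`go version -m <binary>` prints the same embedded toolchain version if only a manual check is needed.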