Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No repair record has been found for a websocket vulnerability. Is there any impact? #12605

Closed
zhousam opened this issue Jan 7, 2021 · 1 comment
Closed

No repair record has been found for a websocket vulnerability. Is there any impact? #12605

zhousam opened this issue Jan 7, 2021 · 1 comment

Comments

@zhousam
Copy link

zhousam commented Jan 7, 2021

The current websocket version used by etcd is:
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c // indirect

The websocket of this version has the following security vulnerability:
GHSA-jf24-p9p9-4rjh

Question:

No repair record of the websocket vulnerability is found in etcd 3.4.0 to 3.4.14.
Does this vulnerability have no security risk for etcd version 3.4.0 or above?
@spzala spzala mentioned this issue Jan 23, 2021
Merged
@spzala
Copy link
Member

spzala commented Jan 23, 2021

Thakns for reporting! Closing per above mentioned PR. The fix will go in the upcoming point release of 3.4

@spzala spzala closed this as completed Jan 23, 2021
@kari-awake kari-awake mentioned this issue Feb 15, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spzala @zhousam