Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Addressing CVE-2021-3538 with satori/go.uuid #4068

Closed
marwanad opened this issue May 7, 2021 · 2 comments · Fixed by #4070
Closed

Addressing CVE-2021-3538 with satori/go.uuid #4068

marwanad opened this issue May 7, 2021 · 2 comments · Fixed by #4070
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@marwanad
Copy link
Member

marwanad commented May 7, 2021

There's an unresolved CVE that impacts the satori/go.uuid library. I noticed the two providers using the library.

Should probably switch to a maintained UUID library like https://github.com/google/uuid or something.

Tagging owners @ringtail @avorima @schegi
@marwanad marwanad added the kind/bug Categorizes issue or PR as related to a bug. label May 7, 2021
@avorima avorima mentioned this issue May 10, 2021
Merged
@skorati
Copy link

skorati commented Feb 9, 2022

Hi Team,

Magnum provider is using satori/go.uuid, could you please remove the dependency there as well?

@ringtail
Copy link
Contributor

CC @IrisIris

@Shubham82 Shubham82 mentioned this issue Apr 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace package satori/go.uuid for cloudprovider ionoscloud StratoAG/autoscaler
3 participants
@ringtail @marwanad @skorati