Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-995607 Snyk: gosnowflake golang.org/x/crypto v0.15.0 | Snyk ID - SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 #1010

Closed
github-actions bot opened this issue Dec 21, 2023 · 3 comments
Closed

SNOW-995607 Snyk: gosnowflake golang.org/x/crypto v0.15.0 | Snyk ID - SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 #1010

github-actions bot opened this issue Dec 21, 2023 · 3 comments
Assignees
@sfc-gh-pfus
Labels
security vulnerability Security vulnerability detected by WhiteSource

Comments

@github-actions
Copy link

Title: Snyk: gosnowflake golang.org/x/crypto v0.15.0
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/70187b64-3a98-4b6f-a945-48604ebb7832
Repo: gosnowflake
CVE: CVE-2023-48795
Package Type: golang
Package Name: golang.org/x/crypto
Package Version: v0.15.0
Snyk ID: SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669
Vulnerability URL: http://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669
Severity: medium
Introduced Date: 2023-12-20
Projects with Vulnerability: snowflakedb/gosnowflake:go.mod
Target File: go.mod
JIRA Ticket: https://snowflakecomputing.atlassian.net/browse/SNOW-995607
@sfc-gh-dszmolka sfc-gh-dszmolka added security vulnerability Security vulnerability detected by WhiteSource status-in_progress Issue is worked on by the driver team labels Dec 27, 2023
@sfc-gh-dszmolka
Copy link
Contributor

need to bump crypto, in progress

@sfc-gh-dszmolka sfc-gh-dszmolka changed the title Snyk: gosnowflake golang.org/x/crypto v0.15.0 | Snyk ID - SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 SNOW-995607 Snyk: gosnowflake golang.org/x/crypto v0.15.0 | Snyk ID - SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 Jan 2, 2024
@sfc-gh-pbulawa
Copy link
Collaborator

PR #1019 merged

@sfc-gh-pbulawa sfc-gh-pbulawa added status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. and removed status-in_progress Issue is worked on by the driver team labels Jan 9, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka removed the status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. label Jan 18, 2024
@sfc-gh-dszmolka
Copy link
Contributor

released with gosnowflake 1.7.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-pfus sfc-gh-pfus

Labels
security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sfc-gh-dszmolka @sfc-gh-pbulawa @sfc-gh-pfus