Add go_func_dwarf_dump binary used by opentelemetry go instrumentatio…

d24beba
Closed

Not for review #2156

GitHub Advanced Security / trivy-fs failed Mar 25, 2025 in 4s

7 new alerts including 4 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 4 high
  • 3 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 1 in src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client/testdata/go.mod

Code scanning / trivy-fs

gRPC-Go HTTP/2 Rapid Reset vulnerability High test

Package: google.golang.org/grpc
Installed Version: v1.53.0
Vulnerability GHSA-m425-mq94-257g
Severity: HIGH
Fixed Version: 1.56.3, 1.57.1, 1.58.3
Link: GHSA-m425-mq94-257g

Check warning on line 1 in src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client/testdata/go.mod

Code scanning / trivy-fs

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) Medium test

Package: google.golang.org/grpc
Installed Version: v1.53.0
Vulnerability CVE-2023-44487
Severity: MEDIUM
Fixed Version: 1.58.3, 1.57.1, 1.56.3
Link: CVE-2023-44487

Check failure on line 1 in src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_client/testdata/go.mod

Code scanning / trivy-fs

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON High test

Package: google.golang.org/protobuf
Installed Version: v1.29.1
Vulnerability CVE-2024-24786
Severity: MEDIUM
Fixed Version: 1.33.0
Link: CVE-2024-24786

Check failure on line 1 in src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server/testdata/go.mod

Code scanning / trivy-fs

gRPC-Go HTTP/2 Rapid Reset vulnerability High test

Package: google.golang.org/grpc
Installed Version: v1.53.0
Vulnerability GHSA-m425-mq94-257g
Severity: HIGH
Fixed Version: 1.56.3, 1.57.1, 1.58.3
Link: GHSA-m425-mq94-257g

Check warning on line 1 in src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server/testdata/go.mod

Code scanning / trivy-fs

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) Medium test

Package: google.golang.org/grpc
Installed Version: v1.53.0
Vulnerability CVE-2023-44487
Severity: MEDIUM
Fixed Version: 1.58.3, 1.57.1, 1.56.3
Link: CVE-2023-44487

Check failure on line 1 in src/stirling/source_connectors/socket_tracer/protocols/http2/testing/go_grpc_server/testdata/go.mod

Code scanning / trivy-fs

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON High test

Package: google.golang.org/protobuf
Installed Version: v1.29.1
Vulnerability CVE-2024-24786
Severity: MEDIUM
Fixed Version: 1.33.0
Link: CVE-2024-24786

Check warning on line 1 in src/stirling/testing/demo_apps/go_https/client/testdata/go.mod

Code scanning / trivy-fs

golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Medium test

Package: golang.org/x/net
Installed Version: v0.33.0
Vulnerability CVE-2025-22870
Severity: MEDIUM
Fixed Version: 0.36.0
Link: CVE-2025-22870