You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
➜ nginx-supportpkg-for-k8s git:(main) ✗ govulncheck -show verbose ./...
Scanning your code and 946 packages across 138 dependent modules for known vulnerabilities...
Fetching vulnerabilities from the database...
Checking the code against the vulnerabilities...
=== Symbol Results ===
Vulnerability #1: GO-2024-2687
HTTP/2 CONTINUATION flood in net/http
More info: https://pkg.go.dev/vuln/GO-2024-2687
Module: golang.org/x/net
Found in: golang.org/x/[email protected]
Fixed in: golang.org/x/[email protected]
Example traces found:
#1: pkg/data_collector/data_collector.go:93:50: data_collector.NewDataCollector calls kubernetes.NewForConfig, which eventually calls http2.ConfigureTransports#2: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.ConnectionError.Error#3: pkg/data_collector/data_collector.go:110:28: data_collector.DataCollector.WrapUp calls fmt.Sprintf, which eventually calls http2.ErrCode.String#4: pkg/data_collector/data_collector.go:110:28: data_collector.DataCollector.WrapUp calls fmt.Sprintf, which eventually calls http2.FrameHeader.String#5: pkg/data_collector/data_collector.go:110:28: data_collector.DataCollector.WrapUp calls fmt.Sprintf, which eventually calls http2.FrameType.String#6: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.GoAwayError.Error#7: pkg/data_collector/data_collector.go:110:28: data_collector.DataCollector.WrapUp calls fmt.Sprintf, which eventually calls http2.Setting.String#8: pkg/data_collector/data_collector.go:110:28: data_collector.DataCollector.WrapUp calls fmt.Sprintf, which eventually calls http2.SettingID.String#9: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.StreamError.Error#10: pkg/data_collector/data_collector.go:251:5: data_collector.DataCollector.QueryCRD calls rest.Request.Do, which eventually calls http2.Transport.NewClientConn#11: pkg/data_collector/data_collector.go:251:5: data_collector.DataCollector.QueryCRD calls rest.Request.Do, which eventually calls http2.Transport.RoundTrip#12: pkg/data_collector/data_collector.go:262:14: data_collector.DataCollector.AllNamespacesExist calls fmt.Printf, which eventually calls http2.chunkWriter.Write#13: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.connError.Error#14: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.duplicatePseudoHeaderError.Error#15: pkg/jobs/nic_job_list.go:80:22: jobs.NICJobList calls http2.gzipReader.Close#16: pkg/jobs/nic_job_list.go:74:26: jobs.NICJobList calls io.Copy, which eventually calls http2.gzipReader.Read#17: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.headerFieldNameError.Error#18: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.headerFieldValueError.Error#19: pkg/data_collector/data_collector.go:251:5: data_collector.DataCollector.QueryCRD calls rest.Request.Do, which eventually calls http2.noDialH2RoundTripper.RoundTrip#20: cmd/nginx-supportpkg.go:96:27: cmd.Execute calls cobra.Command.Execute, which eventually calls http2.pseudoHeaderError.Error#21: pkg/data_collector/data_collector.go:262:14: data_collector.DataCollector.AllNamespacesExist calls fmt.Printf, which eventually calls http2.stickyErrWriter.Write#22: pkg/jobs/nic_job_list.go:80:22: jobs.NICJobList calls http2.transportResponseBody.Close#23: pkg/jobs/nic_job_list.go:74:26: jobs.NICJobList calls io.Copy, which eventually calls http2.transportResponseBody.Read#24: pkg/data_collector/data_collector.go:110:28: data_collector.DataCollector.WrapUp calls fmt.Sprintf, which eventually calls http2.writeData.String
=== Package Results ===
No other vulnerabilities found.
=== Module Results ===
Vulnerability #1: GO-2024-2611
Infinite loop in JSON unmarshaling in google.golang.org/protobuf
More info: https://pkg.go.dev/vuln/GO-2024-2611
Module: google.golang.org/protobuf
Found in: google.golang.org/[email protected]
Fixed in: google.golang.org/[email protected]
Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call thesevulnerabilities.
To Reproduce
Steps to reproduce the behavior:
Run govulncheck -show verbose ./...
Expected behavior
No fixed vulnerabilities reported.
Screenshots
N/A
Environment
➜ nginx-supportpkg-for-k8s git:(main) ✗ govulncheck --version
Go: go1.22.4
Scanner: [email protected]
DB: https://vuln.go.dev
DB updated: 2024-06-20 18:18:26 +0000 UTC
Uh oh!
There was an error while loading. Please reload this page.
Describe the bug
To Reproduce
Steps to reproduce the behavior:
govulncheck -show verbose ./...
Expected behavior
Screenshots
N/A
Environment
Additional context
N/A
The text was updated successfully, but these errors were encountered: