New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-45338 #2323

Open

MoeBensu opened this issue Feb 18, 2025 · 1 comment

MoeBensu commented Feb 18, 2025 •

edited

Loading

Trivy reports the high CVE-2024-45338 at golang.org/x/net for the latest v3.4 release

trivy image -v hairyhenderson/gomplate:latest

I think, the gomplate does not use the vulnerable package golang.org/x/net/html, right? At least, this was the case regarding an old CVE that was found in the past in this same package.

~ Thank you

The text was updated successfully, but these errors were encountered:

Owner

hairyhenderson commented Feb 21, 2025

I think, the gomplate does not use the vulnerable package golang.org/x/net/html, right?

Correct. This is a false positive.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment