Medium Vulnerability found on metrics-agent #256
Description
Hey guys, I found a new medium vulnerability found on metrics-agent for golang protobuf package.
{
[2024-05-23T11:50:22.175Z] "target": "metrics-agent",
[2024-05-23T11:50:22.175Z] "category": "lang-pkgs",
[2024-05-23T11:50:22.175Z] "type": "gobinary",
[2024-05-23T11:50:22.175Z] "vulnerabilities": [
[2024-05-23T11:50:22.175Z] {
[2024-05-23T11:50:22.175Z] "vulnerability_id": "CVE-2024-24786",
[2024-05-23T11:50:22.175Z] "severity": "MEDIUM",
[2024-05-23T11:50:22.175Z] "pkg_name": "google.golang.org/protobuf",
[2024-05-23T11:50:22.175Z] "pkg_path": "",
[2024-05-23T11:50:22.175Z] "installed_version": "v1.32.0",
[2024-05-23T11:50:22.175Z] "fixed_version": "1.33.0",
[2024-05-23T11:50:22.175Z] "cvss_v2_score": "",
[2024-05-23T11:50:22.175Z] "cvss_v3_score": "5.9",
[2024-05-23T11:50:22.175Z] "status_summary": {
[2024-05-23T11:50:22.175Z] "priority": "MEDIUM",
[2024-05-23T11:50:22.175Z] "status": "FAILED"
[2024-05-23T11:50:22.175Z] }
[2024-05-23T11:50:22.175Z] }
Need to update the go package from v1.32.0 to v1.33.0