go.etcd.io/[email protected]+incompatible has vulnerabilities — update to latest
Update to >= 0.5.0-alpha.5.0.20221102000833-1f054980bc27 to fix known vulnerabilities

| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| high | CVE-2020-15114 | Etcd Gateway can include itself as an endpoint resulting in resource exhaustion | 3.3.23 |
| high | CVE-2018-16886 | go.etcd.io/etcd Authentication Bypass | 0.5.0-alpha.5.0.20190108173120-83c051b701d3 |
| low | BIT-etcd-2020-15106 | Panic due to malformed WALs in go.etcd.io/etcd | 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 |

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/go.etcd.io/etcd

Last updated · 2017-02-16T03:25:01Z

| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| high | BIT-etcd-2026-33413 | etcd: Authorization bypasses in multiple APIs | 3.4.42 |
| low | BIT-etcd-2026-33343 | etcd: Nested etcd transactions bypass RBAC authorization checks | 3.4.42 |
| medium | CVE-2018-1099 | DNS Rebinding in etcd | 3.4.0 |
| medium | CVE-2020-15136 | Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records | 3.3.23 |
| unknown | BIT-etcd-2020-15106 | Panic due to malformed WALs in go.etcd.io/etcd | 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 |
| unknown | CVE-2018-16886 | Authentication bypass in go.etcd.io/etcd | 0.5.0-alpha.5.0.20190108173120-83c051b701d3 |
| unknown | GHSA-5x4g-q5rc-36jp | Insecure ciphers are allowed by default in go.etcd.io/etcd | 0.5.0-alpha.5.0.20221102000833-1f054980bc27 |
| unknown | GHSA-j86v-2vjr-fg8f | Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd | — |
| unknown | GHSA-pm3m-32r3-7mfh | Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd | — |
| unknown | GHSA-vjg6-93fv-qv64 | Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd | — |