https://github.com/johnmccabe/vuln-dep-golang

https://github.com/johnmccabe/vuln-dep-golang

Last synced: about 1 month ago
JSON representation

• Host: GitHub
• URL: https://github.com/johnmccabe/vuln-dep-golang
• Owner: johnmccabe
• Created: 2022-04-15T20:44:01.000Z (about 4 years ago)
• Default Branch: master
• Last Pushed: 2023-03-06T23:13:30.000Z (over 3 years ago)
• Last Synced: 2025-03-19T07:59:44.583Z (over 1 year ago)
• Language: Dockerfile
• Size: 48.8 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 6
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Vulnerable Go Dependency

Dummy app that depends on `github.com/hashicorp/vault` version `v1.2.0` which has CVEs, including:

- Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault (9.8 CRITICAL·GHSA-fp52-qw33-mfmw)

- Incorrect Permission Assignment for Critical Resource in HashiCorp Vault

(9.1 CRITICAL·GHSA-pfmw-vj74-ph8g)

- Improper Resource Shutdown or Release in HashiCorp Vault

(7.5 HIGH·GHSA-9vh5-r4qw-v3vv)

See https://deps.dev/go/github.com%2Fhashicorp%2Fvault/v1.2.0 for details.