CVE vulnerability for Image vault:v1.11.3

Hello Team,

The vulnerabilities below have been detected for Image vault:v1.11.3 by the vulnerability scanner.

Component: CVE-2022-27664

Please let us know when it will get fixed.


It sounds like you may be simply attempting to drive the number of issues reported from your scanner to zero, without considering the content of the vulnerabilities, or whether they are relevant in context.

Is this issue actually of concern in your environment?

The issue has been fixed upstream in Go 1.18 and 1.19. It has not been fixed in the Go 1.17 series, which is used by Vault 1.11, so I would not expect to see a fix in any future Vault 1.11 release.

The unreleased Vault 1.12 series is already using Go 1.18 - though currently of an affected version - so it is quite plausible that the fix will have been incorporated for Vault 1.12.0.
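An added example (not part of the thread, and not HashiCorp's code) for checking the reasoning in the reply above against an actual binary: it reads the Go toolchain version embedded in an executable and decides whether that toolchain predates the CVE-2022-27664 fix. The first fixed patch releases, Go 1.18.6 and 1.19.1, are taken from the Go release announcements rather than from this thread, and the names `affected` and `fixedPatch` are illustrative.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// fixedPatch maps a Go 1.x release branch to the first patch release carrying
// the CVE-2022-27664 fix (assumption from Go release notes: 1.18.6 and 1.19.1).
var fixedPatch = map[int]int{18: 6, 19: 1}

// affected reports whether a toolchain string such as "go1.17.13" predates the fix.
func affected(goVersion string) (bool, error) {
	var minor, patch int // patch stays 0 for strings like "go1.19"
	if n, _ := fmt.Sscanf(goVersion, "go1.%d.%d", &minor, &patch); n < 1 {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	switch {
	case minor <= 17: // 1.17 and older never received the fix
		return true, nil
	case minor >= 20: // branches cut after the fix landed
		return false, nil
	}
	return patch < fixedPatch[minor], nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <path-to-binary>")
		os.Exit(2)
	}
	// buildinfo.ReadFile extracts the build metadata the Go linker embeds.
	info, err := buildinfo.ReadFile(os.Args[1])
	if err == nil {
		var bad bool
		if bad, err = affected(info.GoVersion); err == nil {
			fmt.Printf("%s: built with %s, affected=%v\n", os.Args[1], info.GoVersion, bad)
			return
		}
	}
	fmt.Fprintln(os.Stderr, err)
	os.Exit(1)
}
```

This looks only at the standard-library toolchain version; whether the affected code path is reachable in a given deployment is the separate question raised in the reply.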

Hi @maxb
We will be deploying this in highly sensitive and critical infra. Due to security compliance, we have to eliminate all the high vulnerabilities.