You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The only package in golang.org/x/crypto transitively imported by packages in golang.org/x/mod is golang.org/x/crypto/ed25519, so I don't believe we're affected by this.
Of course, there's no harm in updating the dependency.
(In the future, it's preferred to report security issues by emailing security@golang.org instead of opening a public issue, in case a vulnerability needs to be resolved discreetly. https://golang.org/security explains more).
CVE-2020-9283
synk.io
cve.mitre.org
Does this issue reproduce with the latest release?
The master branch currently has v0.0.0-20191011191535-87dc89f01550
The text was updated successfully, but these errors were encountered: