hashicorp/consul CVE-2018-19653 CVE-2020-7219 CVE-2020-13250 CVE-2020-28053 #9198
Labels
area/consul
bug
unexpected problem or unintended behavior
security
raise security concerns or improve the security of Telegraf
Comments
ssoroka
added
the
security
This was referenced Apr 27, 2021
This was referenced Apr 30, 2021
|
Thanks a lot for fixing this! Would it be possible to cut a new release containing these fixes, please? This was I can update the Ubuntu telegraf package right away :-). Thanks in advance! |
We're planning to include them in 1.18.3, coming out around May 19. Until then you can use the package in the nightly builds: https://github.com/influxdata/telegraf/#nightly-builds |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Security scanning revealed that the version of https://github.com/hashicorp/consul being used by telegraf is affected by the following CVEs:
https://nvd.nist.gov/vuln/detail/CVE-2018-19653
https://nvd.nist.gov/vuln/detail/CVE-2020-7219
https://nvd.nist.gov/vuln/detail/CVE-2020-13250
https://nvd.nist.gov/vuln/detail/CVE-2020-28053
Based on the details provided by all of them, it seems that it should be enough to update the dependency to either one of the following versions: 1.6.10, 1.7.10, and 1.8.6.
The text was updated successfully, but these errors were encountered: