You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: The version is visible when running AzCopy without any argument
Azcopy 10.7.0 latest
Which platform are you using? (ex: Windows, Mac, Linux)
Linux
What command did you run?
Nexus IQ Scan on the go.sum file
Note: Please remove the SAS to avoid exposing your credentials. If you cannot remember the exact command, please retrieve it from the beginning of the log file.
What problem was encountered?
Security vulnerability reported as Azcopy 10.7.0 uses x/text package (below 0.3.3).
As per the go.sum file it used 0.3.0 an 0.3.2
Report mentioned --> x/text package below 0.3.3 has vulnerability in encoding/unicode that could lead to UTF-16 decoder entering an infinite loop, causing program to crash or run out of memory.
How can we reproduce the problem in the simplest way?
Running a Nexus IQ scan
Have you found a mitigation/solution?
As per the recommendation, Go modules to be updated to use x/text package v0.3.3 which addresses this vulnerability.
Ref: golang/go#39491
The text was updated successfully, but these errors were encountered:
Which version of the AzCopy was used?
Note: The version is visible when running AzCopy without any argument
Azcopy 10.7.0 latest
Which platform are you using? (ex: Windows, Mac, Linux)
Linux
What command did you run?
Nexus IQ Scan on the go.sum file
Note: Please remove the SAS to avoid exposing your credentials. If you cannot remember the exact command, please retrieve it from the beginning of the log file.
What problem was encountered?
Security vulnerability reported as Azcopy 10.7.0 uses x/text package (below 0.3.3).
As per the go.sum file it used 0.3.0 an 0.3.2
Report mentioned --> x/text package below 0.3.3 has vulnerability in encoding/unicode that could lead to UTF-16 decoder entering an infinite loop, causing program to crash or run out of memory.
How can we reproduce the problem in the simplest way?
Running a Nexus IQ scan
Have you found a mitigation/solution?
As per the recommendation, Go modules to be updated to use x/text package v0.3.3 which addresses this vulnerability.
Ref: golang/go#39491
The text was updated successfully, but these errors were encountered: