You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This vulnrability impacts Grafana server (>=9.2.0 and < 9.2.4) )and should not be marked against the Grafana go package.
The latest Grafana Go package version is v6.1.6+incompatible
The text was updated successfully, but these errors were encountered:
Hi @51n15t9r, thanks for your report. With repositories like grafana, that are not really intended to be used as libraries, and which use custom versioning, it is not always clear how to create a precise and helpful vulnerability report.
May I ask, how did you come across this issue? Did you notice a false positive report from govulncheck or another security scanner?
Hi @tatianab - This was reported in our Anchore container scan.
I had not run govulncheck uptil now, but I can see these reported in govulncheck as well.
There are a bunch of such vulnerabilities on the same go library package, which I believe should be relooked at, since the description and fix version suggests that they affect only the Grafana server.
Hi again, thanks for the clarification. Would you be willing to share the output from your Anchore container scan or govulncheck? In particular, what version and packages of the grafana library are you using? (If you'd rather share privately, you can send an email to [email protected]).
Report ID
GO-2024-2856
Suggestion/Comment
This vulnrability impacts Grafana server (>=9.2.0 and < 9.2.4) )and should not be marked against the Grafana go package.
The latest Grafana Go package version is v6.1.6+incompatible
The text was updated successfully, but these errors were encountered: