Skip to content

Upgrade protobuf dependency to >= 1.3.2 to get rid of CVE-2021-3121 vulnerability #170

New issue
New issue
Open
Open
Upgrade protobuf dependency to >= 1.3.2 to get rid of CVE-2021-3121 vulnerability#170
@rishianand06

Description

@rishianand06
rishianand06
opened on Feb 20, 2023

gojay package has direct dependency on "github.com/golang/protobuf" with "v1.3.1" version. As there is high vulnerability CVE-2021-3121 reported in protobuf up to 1.3.1 as mentioned here https://nvd.nist.gov/vuln/detail/CVE-2021-3121.

We need to upgrade protobuf to >= 1.3.2 to fix the given CVE and release new version of gojay package.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions