| ##### |
| # Test souce mode with no callstacks |
| $ govulncheck -C ${moddir}/informational -show=traces . |
| Scanning your code and P packages across M dependent modules for known vulnerabilities... |
| |
| === Informational === |
| |
| Found 1 vulnerability in packages that you import, but there are no |
| call stacks leading to the use of this vulnerability. There is also 1 |
| vulnerability in modules that you require that is neither imported nor |
| called. You may not need to take any action. |
| See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.18.6 |
| |
| Vulnerability #2: GO-2021-0265 |
| A maliciously crafted path can cause Get and other query functions to |
| consume excessive amounts of CPU and time. |
| More info: https://pkg.go.dev/vuln/GO-2021-0265 |
| Module: github.com/tidwall/gjson |
| Found in: github.com/tidwall/gjson@v1.9.2 |
| Fixed in: github.com/tidwall/gjson@v1.9.3 |
| |
| No vulnerabilities found. |
| |
| Share feedback at https://go.dev/s/govulncheck-feedback. |