Snyk is reporting CVE-2023-7104 #2693

monwolf · 2024-05-14T11:54:11Z

Good afternoon,
We are using snyk to detect 3rd party vulns in our projects and we are getting a high vulnerability from your package.

gopkg.in/DataDog/dd-trace-go.v1@v1.63.1

To fix it, you just have to update from go-sqlite3@v1.14.16 to go-sqlite3@1.14.18 1.14.18

Best Regards,

monwolf · 2024-05-23T09:40:29Z

Hi @darccio,

have you had time to review this issue?

Regards,

darccio · 2024-05-23T10:08:28Z

@monwolf Yes, sorry, my reply slipped through the cracks. You can fix it in your side by importing v1.14.18 while we merge the update and release the next version.

…2714)

monwolf added the bug unintended behavior that has to be fixed label May 14, 2024

github-actions bot added the needs-triage New issues that have not yet been triaged label May 14, 2024

darccio self-assigned this May 14, 2024

darccio removed the needs-triage New issues that have not yet been triaged label May 14, 2024

darccio added a commit that referenced this issue May 28, 2024

go.mod: upgrade github.com/mattn/go-sqlite3 up to v1.14.18 (#2693)

423225e

darccio mentioned this issue May 28, 2024

go.mod: upgrade github.com/mattn/go-sqlite3 up to v1.14.18 (#2693) #2714

Merged

6 tasks

darccio added a commit that referenced this issue May 28, 2024

go.mod: upgrade github.com/mattn/go-sqlite3 up to v1.14.18 (#2693) (#…

eab7297

…2714)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk is reporting CVE-2023-7104 #2693

Snyk is reporting CVE-2023-7104 #2693

monwolf commented May 14, 2024

monwolf commented May 23, 2024

darccio commented May 23, 2024

Snyk is reporting CVE-2023-7104 #2693

Snyk is reporting CVE-2023-7104 #2693

Comments

monwolf commented May 14, 2024

monwolf commented May 23, 2024

darccio commented May 23, 2024