
Update vulnerable packages #1412

Open
anjmao wants to merge 1 commit into k0sproject:main from anjmao:update-vulnerable-packages

@anjmao anjmao commented Apr 2, 2026

Hi team, Trivy reported Critical and High severity vulnerabilities. Could we update dependencies?

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 1)

┌──────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│           Library            │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├──────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ go.opentelemetry.io/otel/sdk │ CVE-2026-24051 │ HIGH     │ fixed  │ v1.34.0           │ 1.40.0        │ OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution │
│                              │                │          │        │                   │               │ via PATH Hijacking                                          │
│                              │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-24051                  │
├──────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ google.golang.org/grpc       │ CVE-2026-33186 │ CRITICAL │        │ v1.72.3           │ 1.79.3        │ google.golang.org/grpc/grpc-go:                             │
│                              │                │          │        │                   │               │ google.golang.org/grpc/authz: gRPC-Go: Authorization bypass │
│                              │                │          │        │                   │               │ due to improper HTTP/2 path validation                      │
│                              │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-33186                  │
└──────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

@anjmao anjmao requested a review from a team as a code owner April 2, 2026 08:24